fix(security): add explicit workflow permissions

[cl-efornaciari]

Summary

Resolves 9 CodeQL workflow alerts (actions/missing-workflow-permissions) by adding explicit permissions blocks to all jobs that lacked them.

Changes

.github/workflows/checks.yml

Added permissions: contents: read to 7 jobs: check-changesets, install-packages, unit-tests, integration-tests, linters, run-documentation-check, ea-framework-version-check.

.github/workflows/release.yml

Added permissions: contents: write to the gh-release job (required for creating releases).

.github/workflows/deploy.yml

Added permissions: contents: read to the calculate-changes job.

Rationale

Explicit permissions follow the principle of least privilege and satisfy CodeQL security checks.

Made with Cursor

[changeset-bot]

⚠️ No Changeset found

Latest commit: e78a75e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR