[StepSecurity] ci: Harden GitHub Actions (#313)

Signed-off-by: StepSecurity Bot <[email protected]>
Co-authored-by: StepSecurity Bot <[email protected]>

Author: Ryan Ware

.github/workflows/basic_func_tests.yml

@@ -14,6 +14,9 @@ on:
   workflow_dispatch:
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
+permissions:
+  contents: read
+
 jobs:
   # This workflow contains a single job called "build"
   build:

.github/workflows/codeql.yml

@@ -19,6 +19,9 @@ on:
   schedule:
     - cron: '41 23 * * 3'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})