Update valitydev/java-workflow action to v4 #41
| jobs: | ||
| build: | ||
| uses: valitydev/java-workflow/.github/workflows/maven-service-build.yml@v3 | ||
| uses: valitydev/java-workflow/.github/workflows/maven-service-build.yml@v4 |
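Review bot: the `uses:` line at the end of this hunk still references the reusable workflow by the mutable tag `@v4` rather than a full commit SHA, so whatever that tag is moved to later will run with this repository's token; since the release notes section of this PR is empty for v4, confirm what changed between v3 and v4 in the called maven-service-build.yml before merging, and consider pinning to the v4 commit SHA (with a `# v4` comment for readability) so the reference is immutable.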
Check warning
Code scanning / CodeQL
Workflow does not contain permissions (Medium)
Copilot Autofix
AI about 1 month ago
To fix the issue, explicitly declare a permissions block that limits the GITHUB_TOKEN to the least privileges needed for this workflow. Since the provided snippet only shows a build job that calls a reusable Maven build workflow and does not indicate any need for write access (no releases, tagging, issue updates, etc.), a safe default is read-only access to repository contents. This aligns with GitHub's recommended minimal starting point.
The best targeted fix is to add a permissions block at the job level under build: so that it applies specifically to this job. Concretely, in .github/workflows/build.yml, under jobs:, within the build: job (before the uses: line), add:
permissions:
  contents: read
This change preserves existing behavior for the job while ensuring the GITHUB_TOKEN cannot perform write operations on the repository contents from this workflow, unless the called reusable workflow further constrains it. No imports, methods, or additional definitions are required, as this is purely a YAML configuration change.
| @@ -7,4 +7,6 @@ | ||
|
|
||
| jobs: | ||
| build: | ||
| permissions: | ||
| contents: read | ||
| uses: valitydev/java-workflow/.github/workflows/maven-service-build.yml@v4 |
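Review bot: the job-level `permissions:` block added before the `uses:` line is a ceiling for the called reusable workflow, not a grant: maven-service-build.yml can only request equal or narrower permissions, so any step in it that needs more than `contents: read` (publishing packages or releases, for example) will now fail with a permissions error rather than run with the default token. Check the v4 workflow's own `permissions:` and any publishing steps before merging; if it needs nothing beyond reading the checkout, this minimal setting is correct and also resolves the CodeQL finding. A workflow-level `permissions:` block would resolve it too, but the job-level placement keeps the scope tied to this job.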
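A small check for the condition CodeQL is flagging here, added as an example and not part of this PR, the Renovate bot, or the valitydev project: it scans a workflow file for jobs that have no `permissions:` block at either the workflow level or the job level. It assumes conventional two-space YAML indentation and uses a constructed sample modelled on the snippet above rather than the repository's real build.yml.

```python
import re

# Constructed sample modelled on the snippet above, not the repository's real
# .github/workflows/build.yml: one job calling the reusable v4 workflow.
BEFORE = """\
name: build
on: [push, pull_request]
jobs:
  build:
    uses: valitydev/java-workflow/.github/workflows/maven-service-build.yml@v4
"""
# The same workflow with the job-level permissions block the autofix proposes.
AFTER = BEFORE.replace("  build:\n", "  build:\n    permissions:\n      contents: read\n")

# A YAML mapping key at the start of a line, capturing its indentation.
KEY_RE = re.compile(r"^( *)([A-Za-z_][\w-]*):")

def find_unscoped_jobs(workflow_text):
    """Names of jobs that would run with the default GITHUB_TOKEN permissions:
    no `permissions:` at workflow level and none directly inside the job."""
    top_level = False        # workflow-level permissions: block seen
    in_jobs = False          # currently inside the jobs: mapping
    job_indent = body_indent = None
    current, scoped = None, {}
    for line in workflow_text.splitlines():
        m = KEY_RE.match(line)
        if not m:            # blank lines, comments, list items, scalars
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:      # a new top-level key
            top_level = top_level or key == "permissions"
            in_jobs = key == "jobs"
            continue
        if not in_jobs:
            continue
        if job_indent is None:
            job_indent = indent          # first key under jobs: is a job name
        if indent == job_indent:         # a new job
            current, body_indent = key, None
            scoped[current] = False
        elif current is not None:
            if body_indent is None:
                body_indent = indent     # first key inside the job body
            if indent == body_indent and key == "permissions":
                scoped[current] = True
    return [] if top_level else [job for job, ok in scoped.items() if not ok]
```

`find_unscoped_jobs(BEFORE)` reports `['build']`, the job CodeQL complains about, and `find_unscoped_jobs(AFTER)` reports nothing once the job-level block is present.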
This PR contains the following updates:
valitydev/java-workflow: v3 → v4
Release Notes
valitydev/java-workflow (valitydev/java-workflow)
v4 (Compare Source)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.