.github/workflows/release: grant release-bazel permissions

Trying to fix:

The workflow is not valid.
.github/workflows/release.yml (Line: 46, Col: 26): Invalid secret, BCR_PUBLISH_TOKEN is not defined in the referenced workflow.
.github/workflows/release.yml (Line: 40, Col: 3): Error calling workflow 'google/re2/.github/workflows/release-bazel.yml@932b308'. The nested job 'release' is requesting 'attestations: write, contents: write, id-token: write', but is only allowed 'attestations: none, contents: read, id-token: none'.

I made the secret repo-wide instead of being scoped to the bcr-push environment.
Not 100% sure that will fix that error.

The changes in this CL should fix the second error.

Change-Id: I7d1a537dd3d464fe0d99e612ae843a14243d24af
Reviewed-on: https://code-review.googlesource.com/c/re2/+/63950
Reviewed-by: Jeremy Kun <[email protected]>
Reviewed-by: Russ Cox <[email protected]>

Author: rsc

.github/workflows/release.yml

@@ -42,5 +42,9 @@ jobs:
     uses: ./.github/workflows/release-bazel.yml
     with:
       tag_name: ${{ github.ref_name }}
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
     secrets:
       BCR_PUBLISH_TOKEN: ${{ secrets.BCR_PUBLISH_TOKEN }}