Default to least permissions in GitHub workflows in all orgs #92

Open
@consideRatio

Can be checked like this using gh CLI for a specific organization:

gh api \
  --jq '.default_workflow_permissions' \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /orgs/<ORG>/actions/permissions/workflow

read
  • Configured on org level via https://github.com/organizations/<ORGANIZATION NAME>/settings/actions
  • Could it be configured as a Jupyter Enterprise policy for all orgs?
    I'm not sure, but let us only do that when each non-archived org has transitioned already.
List of Jupyter orgs
non_archived_jupyter_orgs = [
    "binder-examples",
    "binderhub-ci-repos", # read
    "ipython",
    "jupyter",
    "jupyter-book",
    "jupyter-governance",
    "jupyter-incubator",
    "jupyter-server",
    "jupyter-standards",
    "jupyter-widgets",
    "jupyter-xeus",
    "jupytercon",
    "jupyterhub", # read
    "jupyterlab",
    "voila-dashboards",
    "voila-gallery",
]
archived_jupyter_orgs = [
    "jupyter-attic",
    "jupyter-resources",
    "jupyter-standard",
    "pickleshare",
]
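
An added example, not part of the original issue: a shell script that runs the check above across a list of organizations and returns non-zero if any of them is not set to `read`. The function names are hypothetical, and it assumes an authenticated `gh` that is allowed to read each organization's Actions settings.

```shell
#!/bin/sh
# Added example: audit the default workflow token permission across orgs.
# Function names are illustrative; the API call is the one from the issue.

# Query one org; prints the value of default_workflow_permissions.
# Kept as its own function so it can be replaced by a stub when testing.
fetch_workflow_permission() {
  gh api \
    --jq '.default_workflow_permissions' \
    -H "Accept: application/vnd.github+json" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "/orgs/$1/actions/permissions/workflow"
}

# Print one "<org> <status>" line per org.
# Returns 1 if any org is not "read" or could not be queried.
audit_orgs() {
  local org perm rc=0
  for org in "$@"; do
    if ! perm=$(fetch_workflow_permission "$org"); then
      # API error (no access, unknown org): never count it as compliant.
      echo "$org error"
      rc=1
      continue
    fi
    case "$perm" in
      read) echo "$org read" ;;
      *)    echo "$org ${perm:-unknown}"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Run the audit when org names are given as arguments,
# e.g.: sh audit.sh jupyterhub binderhub-ci-repos jupyter
if [ "$#" -gt 0 ]; then
  audit_orgs "$@"
fi
```

Organizations that cannot be queried are reported as `error` rather than skipped, so a missing permission on the caller's side does not hide an unaudited org.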
