add GHA permissions (#469)

<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it

#### Which issue(s) this PR fixes
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->

Author: frewilhelm

.github/workflows/update-security-txt.yaml

@@ -6,6 +6,10 @@ on:
     - cron: '0 0 * 12 *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   update:
     runs-on: ubuntu-latest
@@ -15,9 +19,9 @@ jobs:
       id: generate_token
       uses: tibdex/github-app-token@v2
       with:
-            app_id: ${{ secrets.OCMBOT_APP_ID }}
-            private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
-            
+        app_id: ${{ secrets.OCMBOT_APP_ID }}
+        private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
+
     - name: Checkout repo
       uses: actions/checkout@v4
 

.github/workflows/verify-markdown.yml

@@ -7,6 +7,9 @@ on:
     paths:
       - '**/*.md'
 
+permissions:
+  contents: read
+
 jobs:
   check-md: # call reusable workflow from central '.github' repo
     uses: open-component-model/.github/.github/workflows/markdown.yml@main