Set minimal GITHUB_TOKEN permissions to each job (#378)

Author: Kesin11

.github/workflows/ci.yml

@@ -1,4 +1,6 @@
 name: Node CI
+permissions:
+  contents: read
 
 on:
   push:

.github/workflows/release.yml

@@ -7,6 +7,9 @@ on:
 jobs:
   draft_release:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: read
     outputs:
       tag_name: ${{ steps.release-drafter.outputs.tag_name }}
     steps:
@@ -23,6 +26,7 @@ jobs:
         url: https://www.npmjs.com/package/junit2json
     permissions:
       contents: write
+      pull-requests: read
       id-token: write
     needs: draft_release
     if: github.event_name == 'workflow_dispatch'