Potential fix for code scanning alert no. 2: Workflow does not contain permissions

[dukeluo]

Potential fix for https://github.com/dukeluo/eslint-plugin-check-file/security/code-scanning/2

To fix the issue, add a permissions block at the root level of the workflow to apply minimal permissions (contents: read) to all jobs by default. This ensures that the build job, which does not require any write permissions, operates with the least privilege. The publish-npm job already has a specific permissions block, so it will override the root-level permissions as needed.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (1e167cf) to head (47ad123).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #60   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           14        14           
  Lines         1083      1083           
=========================================
  Hits          1083      1083           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.