GitHub Workflows security hardening (#7629)

* build: harden push.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden deployment.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden pr.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>

.github/workflows/pr.yml

@@ -2,6 +2,9 @@ name: Pull Request Tests
 
 on: [pull_request, workflow_dispatch]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   testPR:
     runs-on: ubuntu-latest