build: harden pull_request.yml permissions

Signed-off-by: Alex <[email protected]>

.github/workflows/pull_request.yml

@@ -6,6 +6,8 @@ name: checks_pr
       - master
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+permissions:
+  contents: read # to fetch code (actions/checkout)
 jobs:
   build:
     runs-on: ubuntu-latest