chore(actions): Adjust GitHub Actions permissions (write for release, read-only for others)

[kotakanbe]

What did you implement:

This pull request includes changes to multiple GitHub Actions workflow files to add permissions settings. These changes ensure that the workflows have the appropriate read or write permissions for the contents they interact with.

Changes to GitHub Actions workflows:

• .github/workflows/build.yml: Added contents: read permissions.
• .github/workflows/codeql-analysis.yml: Added contents: read permissions.
• .github/workflows/docker-publish.yml: Added contents: read permissions.
• .github/workflows/golangci.yml: Added contents: read permissions.
• .github/workflows/goreleaser.yml: Added contents: write permissions.
• .github/workflows/test.yml: Added contents: read permissions.

For details, see: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please verify whether the Goreleaser YAML works correctly in the real environment the next time we create a tag.

Checklist:

• Write tests
• Write documentation
• Check that there aren't other open pull requests for the same issue/feature
• Format your source code by make fmt
• Pass the test by make test
• Provide verification config / commands
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: YES

[shino]

Scorecard page https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions says:

The highest score is awarded when the permissions definitions in each workflow's yaml file are set as read-only at the top level and the required write permissions are declared at the run-level.

It's depending on the aims we want to achive, but how about changing top-level of goreleaser.yml to read and adding contents: write to "Run GoReleaser" step? Maybe too bureaucratic? :)

[shino]

Great work! 🍻