Update welcome-new-users.yml

Add a comment regarding the permissions top-level trick

Signed-off-by: Yacine Kheddache <yacine@microcks.io>

Author: yada

.github/workflows/welcome-new-users.yml

@@ -11,6 +11,9 @@ on:
   pull_request:
     types: [opened, closed]
 
+# Explicitly disable all default GITHUB_TOKEN permissions at the workflow level.
+# Each job then declares only the minimal required permissions (principle of least privilege),
+# e.g., `issues: write` for posting comments. This improves security, especially for PRs from forks.
 permissions: {}
 
 jobs: