Potential fix for code scanning alert no. 1: Workflow does not contain permissions

[moshie]

Potential fix for https://github.com/moshie/deep-redact/security/code-scanning/1

The best way to fix the problem is to explicitly set the permissions key at either the workflow root or job level (for benchmark). Since only the benchmark job exists, either location suffices. The minimal required permissions must enable the actions that need them. In this workflow, the code is pushing to the gh-pages branch (using the provided github-token) and using the cache action, which requires contents: write for pushing workflow results (to gh-pages), plus actions: read and/or id-token: write depending on the caching implementation. However, strictly for pushing via GITHUB_TOKEN, contents: write is normally sufficient. The safest minimal starting point, as recommended, is:

permissions:
  contents: write

This should be added at the job level under benchmark:, just below name: Performance regression check.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 50434e3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	100% (🎯 100%)	83 / 83
🔵	Statements	100% (🎯 100%)	84 / 84
🔵	Functions	100% (🎯 100%)	8 / 8
🔵	Branches	100% (🎯 100%)	64 / 64

File Coverage

No changed files found.

Generated in workflow #61 for commit 50434e3 by the Vitest Coverage Report Action