Add required permissions to workflow callers

The calling workflows must explicitly declare the permissions needed by the reusable workflows they call.

Author: Kyle-Ye

.github/workflows/claude.yml

@@ -10,6 +10,13 @@ on:
   pull_request_review:
     types: [submitted]
 
+permissions:
+  contents: read
+  pull-requests: read
+  issues: read
+  id-token: write
+  actions: read
+
 jobs:
   claude:
     uses: OpenSwiftUIProject/github-workflows/.github/workflows/claude.yml@main

.github/workflows/issue-triage.yml

@@ -4,6 +4,10 @@ on:
   issues:
     types: [opened]
 
+permissions:
+  contents: read
+  issues: write
+
 jobs:
   triage-issue:
     uses: OpenSwiftUIProject/github-workflows/.github/workflows/issue-triage.yml@main