Potential fix for code scanning alert no. 21: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: lucasmcdonald3

.github/workflows/shared-ci.yml

@@ -18,6 +18,8 @@ jobs:
     # Don't lint or check Duvet annotations on already-published code
     if: ${{ !inputs.test-published-packages }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@v4