See https://docs.github.com/en/actions/tutorials/authenticate-with-github_token for how to reduce the permissions of GITHUB_TOKEN by using a "permissions" entry in the GitHub Actions workflow file.
Please also fix the README. Current text:
Malicious build files (pom.xml, build.gradle, package.json) can execute arbitrary code with your user's permissions.
The build is not executed with the user's permissions, but with folio-org/tc-module-eval permissions, unless reduced by a "permissions" entry in the GitHub Actions workflow file.
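A sketch of the "permissions" entry the issue asks for, added here as an illustration; it is not taken from the issue or from the folio-org/tc-module-eval repository. The workflow name, job name and the `./run-evaluation.sh` step are hypothetical placeholders.

```yaml
# Before (hypothetical workflow): no "permissions" key, so GITHUB_TOKEN
# receives the repository/organization default, which may include write
# scopes. Any build file executed by the job runs with that token in reach.
name: evaluate-module
on: workflow_dispatch
jobs:
  evaluate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./run-evaluation.sh   # hypothetical step that runs the build
---
# After: the token is limited to reading repository contents.
# Once any scope is listed, every scope not listed is set to "none".
name: evaluate-module
on: workflow_dispatch

# Workflow-wide default for all jobs.
permissions:
  contents: read

jobs:
  evaluate:
    runs-on: ubuntu-latest
    # A job-level entry overrides the workflow-level one; repeating it here
    # keeps the job restricted even if the top-level block is edited later.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in the checked-out repo's git config,
          # where later steps (including the build) could read it.
          persist-credentials: false
      - run: ./run-evaluation.sh   # hypothetical step that runs the build
```

If the job needs no repository access through the token at all, `permissions: {}` removes every scope.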