Potential fix for code scanning alert no. 1: Workflow does not contain permissions

[WCG847]

Potential fix for https://github.com/WCG847/PACTool/security/code-scanning/1

In general, to fix this class of problem, you explicitly define a permissions block in the workflow or job so that the GITHUB_TOKEN used by the workflow has only the scopes required. For a linting workflow that just checks out source and runs tools locally, contents: read is typically sufficient.

For this specific workflow, the simplest and best fix without changing existing behavior is to add a permissions block at the workflow root (top level, alongside name and on) that limits permissions to contents: read. This covers all jobs in the workflow and satisfies the CodeQL recommendation. No steps in this workflow need write access, and actions/checkout@v4 works with contents: read, so this will not break functionality.

Concretely:

• Edit .github/workflows/pylint.yml.
• Insert a permissions: section after the name: Pylint line (line 1) and before the on: block (line 3).
• Set contents: read under permissions.
  No imports or additional definitions are needed; this is purely a YAML configuration change.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.