
ci: declare contents:write on Release workflow's release job#2139

Merged
nacx merged 2 commits into
envoyproxy:mainfrom
arpitjain099:chore/release-permissions
Jun 2, 2026

Conversation

@arpitjain099
Contributor

@arpitjain099 arpitjain099 commented May 14, 2026

Description

The Release workflow runs on tag push and has two jobs:

  • docker_push -- calls the reusable ./.github/workflows/docker_build_job.yaml workflow
  • release -- runs gh release create (twice, branched on -rc suffix) to attach helm tarballs + the aigw binaries to the GitHub release

The gh release create API call needs contents: write. Right now there's no permissions: block on either the workflow or the release job, so the token gets whatever the repo default grants.

This patch adds permissions: contents: write at the release job (not at workflow scope) for two reasons:

  1. docker_push is a reusable-workflow caller. Per GitHub docs on reusable workflows [1], a caller-level permissions: block intersects with the callee's grants. Keeping the new block on the release job leaves the callee's existing permissions story unchanged.
  2. The docker_push callee already authenticates to DockerHub via DOCKERHUB_PASSWORD and DOCKERHUB_USERNAME (external secrets), so it doesn't need the workflow GITHUB_TOKEN for the push path.

Style matches the per-job permission blocks already used by codeql.yaml (actions: read, contents: read, security-events: write) and the workflow-level block in build_and_test.yaml (contents: read, packages: write, id-token: write).

No behavioural change. The release workflow continues to use ${{ secrets.GITHUB_TOKEN }} for the two gh release create calls, just with the scope spelled out.

1: https://docs.github.com/en/actions/using-workflows/reusing-workflows#access-and-permissions

The release job runs `gh release create` with the implicit GITHUB_TOKEN
to attach helm chart tarballs and the aigw binaries as release assets.
The releases/upload-asset API needs contents:write.

The block sits on the `release` job rather than at workflow scope to
avoid intersecting with the docker_push reusable workflow caller
(`./.github/workflows/docker_build_job.yaml`), which has its own
permissions story for the DockerHub push path.

Style matches the per-job permissions blocks already used by codeql.yaml
(actions:read, contents:read, security-events:write) and the
workflow-level block in build_and_test.yaml (contents:read + packages:write +
id-token:write).

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
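A constructed sketch of the workflow shape the description lays out, added here as an illustration and not the repository's actual release.yaml; the tag filter, `secrets: inherit`, the checkout step, the asset paths and the `--prerelease` flag on rc tags are assumptions.

```yaml
name: Release

on:
  push:
    tags:
      - "v*"   # assumed tag filter; the real trigger is "tag push"

# Before the change there was no permissions: block anywhere, so every job
# token received whatever the repository default grants (possibly read/write
# on all scopes). A workflow-level block is deliberately NOT added here: it
# would also apply to docker_push, and a caller-level permissions block is
# intersected with the grants the reusable workflow asks for.

jobs:
  docker_push:
    # Reusable-workflow caller. The callee signs in to DockerHub with its own
    # external secrets, so it does not need GITHUB_TOKEN for the push path.
    uses: ./.github/workflows/docker_build_job.yaml
    secrets: inherit   # assumed; exposes DOCKERHUB_USERNAME / DOCKERHUB_PASSWORD

  release:
    runs-on: ubuntu-latest
    needs: docker_push
    # Scope the token for this job only. gh release create uploads assets
    # through the releases API, which requires contents:write; spelling it
    # out replaces the repository default for this job alone.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4   # assumed step and version
      - name: Create GitHub release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # ./dist/* stands in for the helm chart tarballs and aigw binaries.
          if [[ "${GITHUB_REF_NAME}" == *-rc* ]]; then
            gh release create "${GITHUB_REF_NAME}" --prerelease ./dist/*
          else
            gh release create "${GITHUB_REF_NAME}" ./dist/*
          fi
```

A quick way to confirm the scoping took effect is to compare the "GITHUB_TOKEN Permissions" section printed at the top of each job's log: docker_push should show the repository default or callee grants, release should show exactly `Contents: write`.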
@arpitjain099 arpitjain099 requested a review from a team as a code owner May 14, 2026 02:37
@dosubot dosubot Bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label May 14, 2026
Signed-off-by: Ignasi Barrera <nacx@apache.org>
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.33%. Comparing base (1d1e81a) to head (ba2f2f4).
⚠️ Report is 18 commits behind head on main.

@@            Coverage Diff             @@
##             main    #2139      +/-   ##
==========================================
- Coverage   84.40%   84.33%   -0.08%     
==========================================
  Files         134      134              
  Lines       19059    19352     +293     
==========================================
+ Hits        16087    16320     +233     
- Misses       1991     2033      +42     
- Partials      981      999      +18     


@nacx nacx merged commit 95b98bc into envoyproxy:main Jun 2, 2026
33 of 36 checks passed

Labels

size:XS This PR changes 0-9 lines, ignoring generated files.

3 participants