PR #864 added a workflow-level permissions: contents: read block to .github/workflows/test.yml
.github/workflows/release.yml still has no permissions: block, but we might change how things are released. IF this stays it needs to be hardened. However, any release should use OIDC, no long lived tokens
PR #864 added a workflow-level
permissions: contents: readblock to.github/workflows/test.yml.github/workflows/release.ymlstill has no permissions: block, but we might change how things are released. IF this stays it needs to be hardened. However, any release should use OIDC, no long lived tokens