fix permissions

.github/workflows/auto-merge.yml

@@ -4,7 +4,8 @@ on:
   pull_request:
     types: [labeled]
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   automerge:

.github/workflows/code-freeze.yml

@@ -19,7 +19,9 @@ on:
   issue_comment:
     types: [created]
 
-permissions: read-all
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   # Check if the pull request target branch matches the required branch-regex?

.github/workflows/dependabot-auto-merge.yml

@@ -1,7 +1,8 @@
 name: Dependabot auto-merge
 on: pull_request_target
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   dependabot:

.github/workflows/scorecards.yml

@@ -14,8 +14,8 @@ on:
   push:
     branches: ["main"]
 
-# Declare default permissions as read only.
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   analysis:

.github/workflows/updater.yml

@@ -5,7 +5,8 @@ on:
     # Runs every half hour
     - cron: "*/30 * * * *"
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   update_dockerfile: