Use minimal permissions for CI jobs

[newpavlov]

For most jobs we only need to read the contents to run tests. But I am not sure which permissions should be used for the security audit job. I think it should be something like:

permissions:
  contents: read
  checks: write
  issues: write

For now I will leave the default permissions.

Relevant issues: actions-rs/audit-check#218, actions-rs/audit-check#220

[tarcieri]

FWIW I went through the repos and set the permissions to read-only quite awhile ago:

https://github.com/RustCrypto/utils/settings/actions

This could be belt-and-suspenders, I guess, but using administrative actions rather than configurations seems like a bit more surefire approach.

[newpavlov]

It looks like this setting is equivalent to the restricted column with some additional rights to manipulate pull requests. It will be hard to do something malicious with such rights, but either way using tighter permissions probably will not hurt.