Detection job permissions: {} prevents actions/checkout from succeeding #14692

@jfomhover

Description

When compiling a workflow with gh aw compile, the generated detection job sets permissions: {} (no scopes), but also injects a Checkout main repo step using actions/checkout. This checkout step fails with a 404 "repository not found" error because the GITHUB_TOKEN has no contents: read permission.

The agent job in the same compiled workflow correctly sets permissions: contents: read, and its checkout step succeeds.

Steps to Reproduce

  1. Create any workflow .md file with permissions: contents: read and an engine using copilot
  2. Run gh aw compile
  3. Inspect the generated .lock.yml — the detection job has:

     ```yaml
     detection:
       permissions: {}
       steps:
         # ...
         - name: Checkout main repo
           uses: actions/checkout@v5
     ```
  4. Push and trigger the workflow
  5. The detection job fails at the checkout step with a 404

Expected Behavior

The detection job should either:

  • Set permissions: contents: read (since it injects a checkout step that requires it), or
  • Not inject a checkout step if it intends to run with no permissions

Actual Behavior

The checkout step fails because permissions: {} means the GITHUB_TOKEN has zero scopes. GitHub returns a 404 (not 403) for security reasons.

Environment

  • gh-aw CLI version: v0.42.17 (also reproduced on v0.42.13)
  • Engine: copilot
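The mismatch described in this issue (a job that injects `actions/checkout` while its `permissions` block grants the token no scopes) is easy to catch before the workflow is pushed. The script below is an added example, not code from the issue or from the gh-aw project: it lints an already-parsed workflow for jobs that run `actions/checkout` without an effective `contents` scope. The `WORKFLOW` dict is constructed to mirror the shape of the compiled `.lock.yml` in the report; on a real file you would obtain the same structure with `yaml.safe_load` from PyYAML. It goes slightly beyond the report by also handling the `read-all`/`write-all` string forms and the workflow-level `permissions` fallback, which GitHub applies to jobs that set no `permissions` key of their own.

```python
"""Lint a parsed GitHub Actions workflow for jobs that run actions/checkout
while the GITHUB_TOKEN has no contents scope.

Added example; WORKFLOW is constructed to resemble the .lock.yml described
in the issue and is not real gh aw output.
"""

# Constructed workflow: the detection job sets permissions: {} (no scopes)
# yet still checks out the repository, as in the issue report.
WORKFLOW = {
    "name": "example",
    "on": {"workflow_dispatch": {}},
    # Workflow-level default, inherited only by jobs that set no permissions key
    "permissions": {"contents": "read"},
    "jobs": {
        "detection": {
            "runs-on": "ubuntu-latest",
            "permissions": {},  # explicit empty map: every scope is none
            "steps": [
                {"name": "Checkout main repo", "uses": "actions/checkout@v5"},
            ],
        },
        "agent": {
            "runs-on": "ubuntu-latest",
            "permissions": {"contents": "read"},
            "steps": [
                {"name": "Checkout main repo", "uses": "actions/checkout@v5"},
            ],
        },
    },
}


def uses_checkout(step):
    """True when the step invokes actions/checkout at any ref."""
    uses = step.get("uses") or ""
    return uses.split("@", 1)[0] == "actions/checkout"


def token_can_read_contents(permissions):
    """Interpret a GitHub Actions `permissions` value.

    Returns None when the key is absent (caller falls back to the enclosing
    default), True when the token can read repository contents, False
    otherwise. `{}` is an explicit empty map, which means no scopes at all.
    """
    if permissions is None:
        return None
    if isinstance(permissions, str):
        return permissions in ("read-all", "write-all")
    return permissions.get("contents") in ("read", "write")


def find_checkout_without_contents(workflow):
    """Return the names of jobs that use actions/checkout but whose effective
    GITHUB_TOKEN lacks a contents scope.

    A job without its own permissions key inherits the workflow-level key.
    If that is also absent, the repository default applies, which cannot be
    known from the file alone, so such jobs are not flagged.
    """
    workflow_default = token_can_read_contents(workflow.get("permissions"))
    offenders = []
    for name, job in workflow.get("jobs", {}).items():
        if not any(uses_checkout(s) for s in job.get("steps", [])):
            continue
        can_read = token_can_read_contents(job.get("permissions"))
        if can_read is None:
            can_read = workflow_default
        if can_read is False:
            offenders.append(name)
    return offenders


if __name__ == "__main__":
    for job in find_checkout_without_contents(WORKFLOW):
        print(f"job '{job}' runs actions/checkout but GITHUB_TOKEN has no contents scope")
```

Run against the constructed workflow it reports only `detection`; the `agent` job passes because it sets `contents: read` explicitly. The check deliberately distinguishes an absent `permissions` key (inherit the workflow or repository default) from an explicit `{}` (grant nothing), which is exactly the distinction the compiler output in the report gets wrong.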
