
Add explicit read permissions to workflows (#137)

Motivation:

* More secure GitHub Actions workflows

Modifications:

Add explicit 'contents: read' permissions to workflows that did not have
explicit permissions defined. This follows GitHub Actions security best
practices by limiting the default GITHUB_TOKEN permissions.

Result:

An extra layer of security.
Rick Newton-Rogers, 1 month ago
parent
commit
11d1f0917a

+ 3 - 0
.github/workflows/main.yml

@@ -1,5 +1,8 @@
 name: Main
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: [main]
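
Review bot: the top-level `permissions:` block added above `on:` does more than grant `contents: read`. Once any scope is listed, every scope that is not listed is set to none for all jobs in the workflow. Because this workflow runs on push to `main`, check that no job depends on a write scope or on another read scope. If one does, keep this default and add a job-level `permissions:` override on that job only, rather than widening the top-level block.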

+ 3 - 0
.github/workflows/pull_request.yml

@@ -1,5 +1,8 @@
 name: PR
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     branches: [main]

+ 3 - 0
.github/workflows/pull_request_label.yml

@@ -1,5 +1,8 @@
 name: PR
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     types: [labeled, unlabeled, opened, reopened, synchronize]
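
Review bot: with only `contents: read` declared at the top, the `pull-requests` scope drops to none, and the `types: [labeled, unlabeled, ...]` trigger suggests this workflow inspects PR labels. If the job reads labels from the event payload, nothing else is needed. If it queries the API with GITHUB_TOKEN, it may need `pull-requests: read` added to this block. Separately, the context line `name: PR` matches the name in pull_request.yml, so the two workflows are hard to tell apart in the Actions UI; a distinct name would help.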

+ 3 - 0
.github/workflows/soundness.yml

@@ -1,5 +1,8 @@
 name: Soundness
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
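
Review bot: for a `workflow_call` workflow the token is bounded by what the caller passes, so the `permissions:` block added here can only reduce the caller's scopes, never raise them. A caller that declares a narrower set without `contents` will still hand this workflow a token that cannot read the repository. Suggest a short comment above the block stating that callers must grant at least `contents: read`.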