Potential fix for code scanning alert no. 1: Workflow does not contain permissions

[SachaMorard]

Potential fix for https://github.com/edgee-cloud/segment-component/security/code-scanning/1

In general, fix this by explicitly setting a permissions block to limit the GITHUB_TOKEN to the minimum required scopes. You can do this at the workflow level (applies to all jobs that don’t override it) or per job.

For this workflow, the simplest change without altering behavior is:

• Add a workflow-level permissions block near the top, setting contents: read as a default for all jobs.
• Keep the existing per-job permissions blocks for clippy and coverage so they continue to have the access they need (checks: write for clippy, contents: read for coverage).

This directly addresses the CodeQL finding for the check job (and also secures fmt, build, and test) by ensuring they all use contents: read rather than inheriting potentially broader defaults. No additional imports, methods, or definitions are needed, since this is only a YAML configuration change in .github/workflows/check.yml.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[coveralls]

Pull Request Test Coverage Report for Build 20655974145

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 98.952%

---

Totals
Change from base Build 20655812122:	0.0%
Covered Lines:	661
Relevant Lines:	668

---

💛 - Coveralls