ci(security): reduce workflow permissions (#207)

By default, set all the workflow permissions to read-all, then 
provide permissions one by one to each job requiring more
permissions.

Closes #206

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>

.github/workflows/update.yml

@@ -9,6 +9,8 @@ defaults:
   run:
     shell: 'bash -Eeuo pipefail -x {0}'
 
+permissions: read-all
+
 jobs:
   build:
     name: Run update script