chore(ci): add permissions to workflow files

[devin-ai-integration]

chore(ci): add permissions to workflow files

Summary

Added explicit permissions: contents: read declaration to the CI workflow file (.github/workflows/ci.yml). This change follows GitHub's security best practices by explicitly declaring the minimum required permissions for the workflow, rather than relying on default permissions.

This is part of a broader security improvement initiative across the freckle organization to ensure all workflows have explicit permission declarations.

Review & Testing Checklist for Human

• Verify that CI checks pass without any permission-related errors
• Confirm that the workflow only needs read access to repository contents (no write operations, no package publishing, etc.)

Notes

• This is a security best practice recommended by GitHub to use the principle of least privilege
• The contents: read permission allows the workflow to check out code and read repository contents, which is sufficient for test/lint workflows
• If this workflow needs additional permissions in the future (e.g., to comment on PRs, publish packages), those can be added as needed

Link to Devin run: https://app.devin.ai/sessions/8be07b97ddec449cb5b2a86c82f8a57d
Requested by: joris.buchou@renaissance.com (@joris974)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

Closing due to inactivity for more than 7 days. Configure here.