Potential fix for code scanning alert no. 1816: Workflow does not contain permissions

[ajay-dhangar]

Potential fix for https://github.com/codeharborhub/codeharborhub.github.io/security/code-scanning/1816

To fix the problem, explicitly declare minimal GITHUB_TOKEN permissions for the build job instead of relying on inherited defaults. Since build only checks out the code, installs dependencies, and runs tests, it should need at most read access to repository contents. We can therefore set permissions: contents: read on the build job.

Concretely, in .github/workflows/release-package.yml, add a permissions block under jobs.build, at the same indentation level as runs-on. This will mirror the existing pattern used by publish-gpr but with narrower access. No other steps or jobs need to change, and no additional imports or methods are required because this is a YAML workflow configuration change only.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[github-actions]

Great job, @ajay-dhangar! 🎉 Thank you for submitting your pull request to CodeHarborHub. We appreciate your contribution and enthusiasm! Our team will review it soon. If you have any questions or need further assistance, feel free to reach out. Thanks for contributing!

[deepsource-io]

Here's the code health analysis summary for commits 73b7fe2..74e10fb. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[github-actions]

⚡️ Lighthouse Report for the Deploy Preview of this PR 🚀

🔗 Site: CodeHarborHub | Live Site

URL 🌐	Performance	Accessibility	Best Practices	SEO	📊
/	🔴 23	🟡 77	🟢 96	🟢 100	📄
/docs	🟡 55	🟡 89	🟡 75	🟢 100	📄
/courses	🟡 56	🟡 88	🟢 96	🟢 100	📄
/showcase	🟡 53	🟡 87	🟡 75	🟡 86	📄
/community	🟡 55	🟡 88	🟢 96	🟢 100	📄