GitHub Actions: Set read-only permissions for workflow

Added `contents: read` to the permissions block in `main.yml`. This
change ensures the workflow adheres to the principle of least privilege
by limiting its access scope.

Author: saschpe

.github/workflows/ci.yml renamed to .github/workflows/main.yml

@@ -16,6 +16,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   IMAGE: saschpe/android-ndk
   PLATFORMS: linux/amd64,linux/arm64
@@ -32,7 +35,7 @@ jobs:
         cmake: [ 3.31.1 ]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5