fix(security): fix workflow does not contain permissions alert #79

Merged
adcondev merged 4 commits into master from alert-autofix
Nov 25, 2025

adcondev (Owner) commented Nov 25, 2025

Description

This pull request updates the permissions configuration for several GitHub Actions workflows to follow best practices for security and access control. The main changes involve explicitly specifying the required permissions for each workflow.

Workflow permissions updates:

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📚 Documentation only
  • 🔧 Configuration/DevOps
  • ♻️ Code refactoring
  • 📦 Dependency update
  • ⚡ Performance improvement
  • 🧪 Test addition/modification

Component(s) Affected

  • composer - ESC/POS protocol composer
  • connection - Printer connections
  • commands - ESC/POS command implementations
  • document - Document processing
  • graphics - Image processing
  • printer - Barcode generation
  • profile - Printer profiles
  • service - High-level printer service
  • github - GitHub related files and workflows

How Has This Been Tested?

  • Unit tests pass locally
  • Integration tests pass
  • Manual testing with physical printer
  • Examples built and run successfully
  • N/A (documentation/configuration only)

Test Configuration

  • Go Version:
  • OS:
  • Printer Model (if applicable):

Checklist

  • My code follows the project's style guidelines
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published

Screenshots/Examples

Breaking Changes

Additional Notes

adcondev and others added 3 commits November 25, 2025 15:55
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Adrián Constante <ad_con.reload@proton.me>
…does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Adrián Constante <ad_con.reload@proton.me>
…does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Adrián Constante <ad_con.reload@proton.me>
Copilot AI review requested due to automatic review settings November 25, 2025 23:02
@github-actions (Contributor)

👋 Thanks for opening this PR, @adcondev!

Here's what will happen next:

  • 🤖 Automated checks will run
  • 🏷️ Labels will be added automatically
  • 👀 A maintainer will review your changes

Please make sure:

  • ✅ All tests pass
  • 📝 The PR title follows conventional commits
  • 📋 The PR template is filled out completely

Copilot AI (Contributor) left a comment

Pull request overview

This pull request adds explicit permissions declarations to three GitHub Actions workflows to address security alerts about workflows not containing permissions. The changes follow GitHub Actions security best practices by implementing the principle of least privilege.

Key changes:

  • Added explicit permissions blocks to three workflow files that previously lacked them
  • Configured minimal required permissions for each workflow based on their operations
  • Aligns with the repository's existing pattern of declaring permissions (as seen in ci.yml, dependabot-automerge.yml, and release.yml)

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| .github/workflows/tag-protection.yml | Added contents: read permission for workflow that documents tag creation |
| .github/workflows/pr-status-check.yml | Added contents: read and issues: write permissions for workflow that monitors PRs and creates issues; requires additional pull-requests: read permission |
| .github/workflows/examples.yml | Added contents: read permission for workflow that builds and tests examples |

Comment thread .github/workflows/pr-status-check.yml
@adcondev adcondev merged commit ad945d3 into master Nov 25, 2025
17 checks passed
@adcondev adcondev deleted the alert-autofix branch November 25, 2025 23:10
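
A simplified local version of the check behind this alert, as an added example that is not part of the PR, the repository or the code-scanning tooling: it lists jobs whose GITHUB_TOKEN scope is not limited by an explicit `permissions` key at workflow or job level. The function name and the sample workflows are constructed for illustration, and the scan is indentation-based rather than a full YAML parse.

```python
import re

# A mapping key at the start of a line: leading spaces, then `name:`.
KEY = re.compile(r"^( *)([A-Za-z_][\w-]*):")

def jobs_without_permissions(workflow_text):
    """Return ids of jobs that have no explicit `permissions` key at either
    workflow level or job level (indentation-based scan, not a YAML parser)."""
    top_level_perms = False
    section = None      # current top-level key
    job_indent = None   # indentation of job ids under `jobs:`
    key_indent = None   # indentation of keys inside the current job
    current = None
    jobs = {}           # job id -> True if it declares `permissions`
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:       # list items, comments, blank lines
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            section, job_indent, current = key, None, None
            top_level_perms = top_level_perms or key == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent
            if indent == job_indent:
                current, key_indent = key, None
                jobs[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    return [] if top_level_perms else [j for j, ok in jobs.items() if not ok]

# Constructed sample workflows, not the repository's files.
BEFORE = """\
on: pull_request
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: echo "permissions: not declared"
"""
AFTER = "permissions:\n  contents: read\n  issues: write\n" + BEFORE
MIXED = BEFORE + "  lint:\n    permissions:\n      contents: read\n    runs-on: ubuntu-latest\n"

if __name__ == "__main__":
    for name, wf in (("before", BEFORE), ("after", AFTER), ("mixed", MIXED)):
        print(name, jobs_without_permissions(wf))
```

A job-level `permissions` block covers only that job, which is why the mixed sample still reports `check`.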