ci: declare explicit read-only permissions on reusable workflows #3243

Merged
hubcio merged 4 commits into apache:master from arpitjain099:security/workflow-permissions-reusable-workflows
May 14, 2026
@arpitjain099
Contributor

Summary

  • Add explicit permissions blocks with contents: read to reusable workflows:
    • .github/workflows/_detect.yml
    • .github/workflows/_build_rust_artifacts.yml
    • .github/workflows/_build_python_wheels.yml

Why

These reusable workflows perform checkout/build/packaging operations and do not require broad token privileges. Explicit read-only permissions tighten default GitHub token scope and make required access clear.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
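
An added example, not part of the pull request or the project's code: a line-based audit that flags workflow files with no top-level permissions block or with any write-level grant. The sample workflows are constructed, the function names are hypothetical, and the parser is a heuristic that assumes conventionally indented YAML rather than handling the full syntax.

```python
import re

def permission_blocks(text):
    """Yield (indent, scopes) for every `permissions:` key in a workflow file."""
    lines = [l.rstrip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)permissions:\s*(.*)$", line)
        if not m:
            continue
        indent, inline = len(m.group(1)), m.group(2).split("#")[0].strip()
        scopes = {}
        if inline and inline != "{}":        # scalar form: read-all / write-all
            scopes["*"] = inline
        elif not inline:                     # mapping form: one scope per line
            for child in lines[i + 1:]:
                cm = re.match(r"^(\s*)([\w-]+):\s*([\w-]+)", child)
                if not cm or len(cm.group(1)) <= indent:
                    break
                scopes[cm.group(2)] = cm.group(3)
        yield indent, scopes

def audit_workflow(text):
    """Return findings: missing top-level block, or any write-level grant."""
    findings = []
    blocks = list(permission_blocks(text))
    if not any(indent == 0 for indent, _ in blocks):
        findings.append("no top-level permissions block")
    for indent, scopes in blocks:
        where = "workflow" if indent == 0 else "job"
        for scope, level in scopes.items():
            if level in ("write", "write-all"):
                findings.append(f"{where} grants {scope}: {level}")
    return findings

# Constructed sample workflows (not the project's files).
BEFORE = """\
name: example-reusable
on:
  workflow_call:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)
JOB_WRITE = AFTER.replace("    runs-on:", "    permissions:\n      contents: write\n    runs-on:", 1)

if __name__ == "__main__":
    for name, wf in [("before", BEFORE), ("after", AFTER), ("job-write", JOB_WRITE)]:
        print(name, audit_workflow(wf))
```
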
@codecov

codecov Bot commented May 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.81%. Comparing base (d158089) to head (584f171).

Additional details and impacted files
@@             Coverage Diff              @@
##             master    #3243      +/-   ##
============================================
- Coverage     73.85%   73.81%   -0.05%     
  Complexity      943      943              
============================================
  Files          1193     1193              
  Lines        108933   108933              
  Branches      85950    85968      +18     
============================================
- Hits          80456    80406      -50     
- Misses        25742    25766      +24     
- Partials       2735     2761      +26     
Components Coverage Δ
Rust Core 74.87% <ø> (-0.03%) ⬇️
Java SDK 60.14% <ø> (ø)
C# SDK 69.13% <ø> (-0.31%) ⬇️
Python SDK 81.43% <ø> (ø)
Node SDK 91.41% <ø> (-0.13%) ⬇️
Go SDK 39.80% <ø> (ø)
see 23 files with indirect coverage changes

@hubcio
Contributor

hubcio commented May 13, 2026

Hi, thanks for the contribution. Please fix the PR title.

arpitjain099 changed the title from "Add explicit read-only permissions to reusable workflows" to "ci: declare explicit read-only permissions on reusable workflows" on May 13, 2026
@arpitjain099
Contributor Author

Hi @hubcio — updated the PR title to follow the conventional-commits style used in this repo (ci: ...). Thanks for the nudge.

arpitjain099 force-pushed the security/workflow-permissions-reusable-workflows branch from 7428dfa to 2828b88 on May 13, 2026 17:13
hubcio merged commit a5f85ea into apache:master on May 14, 2026
81 checks passed