
ci: add minimum workflow permissions (CodeQL)#113

Merged
emal-avala merged 1 commit into main from fix/codeql-workflow-permissions on Apr 15, 2026

Conversation

@emal-avala
Member

Summary

Resolves 7 open CodeQL alerts for `actions/missing-workflow-permissions` by adding `permissions: contents: read` at the workflow level to:

  • `.github/workflows/ci.yml`
  • `.github/workflows/client-ci.yml`
  • `.github/workflows/client-e2e.yml`

These workflows only checkout code and run tests/builds — no writes to the repo, issues, packages, or pages are required. Explicitly declaring minimum permissions follows the GitHub Actions least-privilege best practice and matches what the other workflows in this repo already do (release.yml, release-e2e.yml, docker.yml, docs.yml, evals-*.yml, client-release.yml, client-playwright.yml).

Remaining CodeQL alerts (not addressed here)

15 Rust alerts remain. All of them are false positives that I'll dismiss separately via the API with reason `false_positive`:

  • rust/cleartext-transmission (3 alerts in `attach.rs`) — all three are HTTP calls to `http://127.0.0.1:{port}` (the local serve-mode discovery API). Loopback traffic never leaves the host.
  • rust/cleartext-logging (11 alerts in `attach.rs`, `commands/mod.rs`, `main.rs`, `repl.rs`) — all log public info: port numbers, pid, cwd, session IDs (non-secret UUIDs shown to the user by design), error messages, and token/cost stats. The one exception is `main.rs:683` which intentionally displays a webhook secret once at creation time (same pattern as API key provisioning flows) — documented in an adjacent comment.

Test plan

  • CI passes (should be trivially green — only workflow header changes)
  • CodeQL re-scan drops the 7 `actions/missing-workflow-permissions` alerts

…-permissions)

Adds `permissions: contents: read` at the workflow level to ci.yml,
client-ci.yml, and client-e2e.yml. These workflows only checkout code
and run tests/builds — no writes to the repo or issues required.
Explicitly declaring minimum permissions resolves the 7 open CodeQL
alerts for actions/missing-workflow-permissions and follows the
least-privilege best practice.

The other workflows (release.yml, release-e2e.yml, docker.yml, docs.yml,
evals-*.yml, client-release.yml, client-playwright.yml) already
declare permissions.
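As an added example (not code from this project, and not CodeQL's own query), the check below reproduces the condition behind the `actions/missing-workflow-permissions` alert for a workflow file and shows the fix the PR applies: a workflow-level `permissions:` block with `contents: read`. It is a line-based heuristic that assumes the conventional two-space YAML indentation rather than a full YAML parser; the workflow text it runs on is constructed here, and the function names (`audit_workflow`, `add_read_only_permissions`) are this example's own.

```python
"""Heuristic pre-commit check for GitHub Actions workflows that lack a
least-privilege ``permissions:`` block (the condition CodeQL reports as
actions/missing-workflow-permissions), plus the one-line fix.

Assumptions (example code, not the project's): standard two-space YAML
indentation, job ids at indent 2 under ``jobs:``, job-level keys at indent 4.
"""
import re
import sys
from pathlib import Path

TOP_PERMS = re.compile(r"^permissions\s*:")        # workflow-level key, column 0
JOBS_KEY = re.compile(r"^jobs\s*:")                # top-level jobs mapping
JOB_NAME = re.compile(r"^  ([A-Za-z0-9_-]+)\s*:")  # job id at two-space indent
JOB_PERMS = re.compile(r"^    permissions\s*:")    # job-level key at four-space indent
WRITE_ALL = re.compile(r"^\s*permissions\s*:\s*write-all\s*$")


def audit_workflow(text: str) -> list:
    """Return findings for one workflow (empty list means it is acceptable)."""
    findings = []
    lines = text.splitlines()
    if any(WRITE_ALL.match(line) for line in lines):
        findings.append("permissions: write-all grants every scope; not least privilege")
    if any(TOP_PERMS.match(line) for line in lines):
        return findings  # workflow-level block applies to every job
    # No workflow-level block: each job must declare its own, or it inherits
    # the repository's default GITHUB_TOKEN scope.
    in_jobs, current, jobs = False, None, {}
    for line in lines:
        if JOBS_KEY.match(line):
            in_jobs = True
            continue
        if in_jobs and line and not line.startswith((" ", "#")):
            in_jobs = False  # another top-level key ends the jobs mapping
        if not in_jobs:
            continue
        m = JOB_NAME.match(line)
        if m:
            current = m.group(1)
            jobs.setdefault(current, False)
        elif current and JOB_PERMS.match(line):
            jobs[current] = True
    if not jobs:
        findings.append("no workflow-level permissions and no jobs found")
    for job, declared in jobs.items():
        if not declared:
            findings.append(f"job '{job}' has no permissions block")
    return findings


def add_read_only_permissions(text: str) -> str:
    """Insert a workflow-level read-only block before the top-level ``jobs:``
    key when none exists; return the text unchanged if one is already there."""
    lines = text.splitlines()
    if any(TOP_PERMS.match(line) for line in lines):
        return text
    out = []
    for line in lines:
        if JOBS_KEY.match(line):
            out.extend(["permissions:", "  contents: read", ""])
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample: a checkout-and-test workflow without any permissions block.
SAMPLE_BEFORE = """name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo test
"""
SAMPLE_AFTER = add_read_only_permissions(SAMPLE_BEFORE)


def main(paths):
    """Audit the given workflow files (default: .github/workflows/*.yml)."""
    files = [Path(p) for p in paths] or sorted(Path(".github/workflows").glob("*.yml"))
    bad = 0
    for f in files:
        for finding in audit_workflow(f.read_text()):
            print(f"{f}: {finding}")
            bad += 1
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with no arguments from the repository root to scan every workflow, or pass specific files. A job-level block is also accepted, since CodeQL's alert is about jobs that end up with neither; `write-all` is flagged separately because it satisfies the key's presence while defeating its purpose.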

@emal-avala emal-avala merged commit fd15e53 into main Apr 15, 2026
13 of 14 checks passed
@emal-avala emal-avala deleted the fix/codeql-workflow-permissions branch April 15, 2026 07:10