ci: add missing permissions

[ndr-brt]

What this PR changes/adds

Add write permissions to checks an pull-requests on CI

Why it does that

To make Upload-Test-Report job work

Further notes

Linked Issue(s)

Closes #1329

Checklist

• added appropriate tests?
• performed checkstyle check locally?
• added/updated copyright headers?
• documented public classes/methods?
• added/updated relevant documentation?
• added relevant details to the changelog? (skip with label no-changelog)
• formatted title correctly? (take a look at the CONTRIBUTING and styleguide for details)

[paullatzelsperger]

I know very little about these permissions, but would removing them from the workflow level not mean that no jobs have the permissions, except Check-Cloud-Environment and Upload-Test-Report?

[ndr-brt]

@paullatzelsperger by default the permissions provided by GITHUB-TOKEN are used, permissions permit to add or remove access.
In my opinion setting them at the global level was not the best choice, since every job should have their custom permissions set.
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[cpeeyush]

These permissions are required for reading secrets during Azure-Cloud-Integration-Test job.

So maybe we can leave these ones at the top same as before and just add the additional required ones to Upload-Test-Report.

[ndr-brt]

@cpeeyush since these are required only by Azure-Cloud-Integration-Test job why don't add them only on that job?
Setting these globally caused the issue, using global settings is not a good practice since these permissions are needed by 2 jobs out of 20.

[cpeeyush]

Sure, agree. Let's try this on main once it merged to see if we see any failure. As @paullatzelsperger mentioned. Thanks.

[eclipse-edc-bot]

Can one of the admins verify this patch?

[codecov-commenter]

Codecov Report

Merging #1343 (051e5ee) into main (1cf88a5) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1343   +/-   ##
=======================================
  Coverage   67.60%   67.60%           
=======================================
  Files         716      716           
  Lines       15858    15858           
  Branches     1041     1041           
=======================================
  Hits        10721    10721           
  Misses       4663     4663           
  Partials      474      474           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1cf88a5...051e5ee. Read the comment docs.

[paullatzelsperger]

I guess we'll see if this works once we merge to upstream main, because the Azure Integration tests will only run there, because it depends on the secrets (which only are configured in upstream)

[cpeeyush]

Sure, agree. Let's try this on main once it merged to see if we see any failure. As @paullatzelsperger mentioned. Thanks.