Github Actions CI needs id-token write permissions

[costrouc]

Related to the need for OIDC support when deploying nebari see issue

Reference Issues or PRs

What does this implement/fix?

#1671

Put a x in the boxes that apply

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds a feature)
• Breaking change (fix or feature that would cause existing features not to work as expected)
• Documentation Update
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no API changes)
• Build related changes
• Other (please describe):

Testing

• Did you test the pull request locally?
• Did you add new tests?

Any other comments?

This adds the following lines to the render for github

    permissions:
      id-token: write
      contents: read

To the github actions pipeline. From a security perspective there are no risks I can see of adding id-token to the pipeline.

[iameskild]

This looks good to me! While I was looking at this, it got me wondering if we even need to include references to REPOSITORY_ACCESS_TOKEN? We don't necessarily need to remove it in this PR, but perhaps something we should look into later.

[costrouc]

Yeah I agree! I think we need to revisit how we set the yaml for github actions and gitlab ci when we work on an extension mechanism.