
Add minimum token permissions for all github workflow files #1

@opentelemetrybot

Description

see https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions

notes:

  • use permissions: contents: read instead of permissions: read-all, unless the workflow is already using permissions: read-all in which case leave it be
  • make sure that each workflow job that needs elevated permissions declares the permissions it needs
    • if it needs a job-specific permission block but doesn't have one already, add it at the top of the job (don't re-order existing blocks)
    • don't include contents: read in these job-specific blocks since the repos are already public
  • remember elevated token permissions for a specific step aren't needed when OPENTELEMETRYBOT_GITHUB_TOKEN is used for that step
  • remember actions/cache/save doesn't need any permissions
  • remember JamesIves/github-pages-deploy-action needs contents: write permission
  • there's no need to verify the local build after making changes to the workflow files, since they aren't used during a local build anyway
  • don't make unnecessary changes to the workflow files, only add the missing permissions

related to https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-cpp-contrib
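As an added illustration (not a workflow from the opentelemetry-cpp-contrib repository), a constructed docs workflow after applying the rules above; the action versions, script names and job layout are assumptions.

```yaml
# Constructed example, not a workflow from opentelemetry-cpp-contrib.
# The lines marked "added" are the only changes the issue asks for.
name: docs
on:
  push:
    branches: [main]

# added: workflow-wide default, read-only for every job
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # no job-level block: checkout, the build script and
    # actions/cache/save all work with the read-only default
    steps:
      - uses: actions/checkout@v4
      - run: ./build-docs.sh
      - uses: actions/cache/save@v4
        with:
          path: build/docs
          key: docs-${{ github.sha }}

  publish:
    needs: build
    runs-on: ubuntu-latest
    # added: job-specific block at the top of the job. A job block
    # replaces the workflow default, so only what the job needs is
    # listed: github-pages-deploy-action requires contents: write.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: build/docs

  open-pr:
    needs: build
    runs-on: ubuntu-latest
    # no elevation: this step authenticates with the bot's own token,
    # so the scope of the workflow's GITHUB_TOKEN does not matter here
    steps:
      - uses: actions/checkout@v4
      - run: gh pr create --fill
        env:
          GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
```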
