
Add minimum token permissions for all github workflow files #4

@opentelemetrybot

see https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions

notes:

  • make sure every workflow file has a top-level permissions: block (top-level means a root yaml node)
    • if you need to add a top-level permissions: block, it should be located immediately following the on: block (don't re-order existing blocks)
    • use permissions:\n contents: read instead of permissions: read-all, unless the workflow is already using permissions: read-all in which case leave it
  • make sure that each workflow job that needs elevated permissions declares the permissions it needs
    • if it needs a job-specific permission block but doesn't have one already add it at the top of the job (don't re-order existing blocks)
    • don't include contents: read in these job-specific blocks since the repos are already public
  • remember elevated token permissions for a specific step aren't needed when OPENTELEMETRYBOT_GITHUB_TOKEN is used for that step
  • remember actions/cache/save doesn't need any permissions
  • remember JamesIves/github-pages-deploy-action needs contents: write permission
  • there's no need to verify local build after making changes to the workflow files, since they aren't used during a local build anyways
  • don't make unnecessary changes to the workflow files, only add the missing permissions
  • don't add comments
  • CRITICAL SPACING RULE: before adding any new permissions: block, you MUST first read the original file and preserve the blank line pattern surrounding where you add the new permissions block (specifically in terms of whether or not there is a blank line before and after the block)
    • ALWAYS read the original file first to determine the existing spacing pattern before making any edits
    • For example, if the original file looks like:
      on:
        workflow_dispatch:
      jobs:
      
      then the top-level permissions: block added should have no blank lines above or below it:
      on:
        workflow_dispatch:
      permissions:
        contents: read
      jobs:
      
      While if the original file looks like:
      on:
        workflow_dispatch:
      
      jobs:
      
      then the top-level permissions: block added should have a single blank line above and below it:
      on:
        workflow_dispatch:
      
      permissions:
        contents: read
      
      jobs:
      

related to https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-java-examples
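As an added illustration (not a file from the issue or from the opentelemetry-java-examples repository), a hypothetical workflow after applying the rules above: the top-level block sits directly after `on:` with `contents: read`, the job that uses JamesIves/github-pages-deploy-action gets its own `contents: write` block at the top of the job without repeating `contents: read`, and the job that calls the API with OPENTELEMETRYBOT_GITHUB_TOKEN gets no elevation. The `#` comments are for the reader only; the issue asks that none be added to real workflow files. Job names, steps, paths and the `build/docs` folder are assumptions.

```yaml
name: deploy-docs

on:
  push:
    branches: [main]

# Added: top-level default for every job, immediately after the on: block.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./gradlew javadoc
      # actions/cache/save needs no token permissions, so nothing is added for it.
      - uses: actions/cache/save@v4
        with:
          path: ~/.gradle/caches
          key: gradle-${{ hashFiles('**/*.gradle.kts') }}

  deploy:
    # Added at the top of the job: the pages deploy action pushes to the repo,
    # so it needs contents: write. contents: read is not repeated here because
    # the repository is public.
    permissions:
      contents: write
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: build/docs

  open-pr:
    # No job-level permissions: this step authenticates with the bot's own
    # token rather than the workflow's GITHUB_TOKEN.
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: gh pr create --fill
        env:
          GITHUB_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
```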
