Fix changelog workflow permissions for consumers

[coisa]

Related Issue

Closes #251

Motivation / Context

• Consumer repositories can fail release workflow validation when the packaged changelog wrapper calls the reusable DevTools changelog workflow without granting repository-projects: write.
• This blocked the php-fast-forward/enum release flow before the changelog automation could start.

Changes

• Grant repository-projects: write in resources/github-actions/changelog.yml so synced consumer wrappers can call the reusable changelog workflow successfully.
• Document the caller-level permission requirement for project-board release transitions.
• Add a changelog entry for the consumer workflow permission fix.

Verification

• composer dev-tools
• Focused command(s): actionlint resources/github-actions/changelog.yml .github/workflows/changelog.yml
• Focused command(s): composer dev-tools changelog:check
• Focused command(s): git diff --check
• Manual verification: confirmed the packaged wrapper now grants the permission requested by .github/workflows/changelog.yml.

Documentation / Generated Output

• README updated
• docs/ updated
• Generated or synchronized output reviewed

Changelog

• Added a notable CHANGELOG.md entry

Reviewer Notes

• This is intentionally the smallest fix for the immediate consumer failure: the reusable workflow already requests repository-projects: write; the synced wrapper now grants the same permission at the caller level.

[github-actions]

🚀 Preview is available for this pull request.

• Docs: https://php-fast-forward.github.io/dev-tools/previews/pr-252/
• Coverage: https://php-fast-forward.github.io/dev-tools/previews/pr-252/coverage/
• Metrics: https://php-fast-forward.github.io/dev-tools/previews/pr-252/metrics/