Potential fix for code scanning alert no. 2: Workflow does not contain permissions#6

Merged
runtingt merged 1 commit into main from alert-autofix-2
Aug 15, 2025
@runtingt
Owner

Potential fix for https://github.com/runtingt/CondorTools/security/code-scanning/2

To fix the problem, we should add a permissions block to the workflow file .github/workflows/ci.yaml. The block can be added at the top level (applies to all jobs) or at the job level (for more granular control). Since both jobs (lint-and-format and pytest) do not require write access to repository contents, the minimal required permission is contents: read. The Codecov upload step may require additional permissions, but according to Codecov documentation, contents: read is sufficient for uploading coverage reports. Therefore, the best fix is to add a top-level permissions block with contents: read to the workflow file, immediately after the name field and before the on field.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
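
The check behind this alert can be reproduced locally. The following is an added example, not code from this pull request or from the CondorTools repository: it reports jobs that have no explicit `permissions` block, run over a constructed workflow before and after the fix described above. The workflow text, the `jobs_without_permissions` helper and the 2-space-indentation assumption are all illustrative; only the job names come from the description.

```python
import re

# Constructed workflow, not the repository's ci.yaml; only the job names come from the PR text.
BEFORE = """\
name: CI
on: [push, pull_request]
jobs:
  lint-and-format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  pytest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
# The fix described above: top-level block after `name`, before `on`.
AFTER = BEFORE.replace("on: [push", "permissions:\n  contents: read\non: [push", 1)
# Job-level alternative applied to one job only.
PARTIAL = BEFORE.replace("  pytest:\n", "  pytest:\n    permissions:\n      contents: read\n", 1)

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

def jobs_without_permissions(workflow_text):
    """Return jobs that have no explicit GITHUB_TOKEN permissions, in file order.

    Assumes block-style YAML with 2-space indentation (jobs at column 2,
    job keys at column 4); anchors, flow mappings and tabs are not handled.
    """
    top_level, section, current = False, None, None
    jobs = {}  # job name -> has its own permissions block
    for raw in workflow_text.splitlines():
        m = KEY.match(raw)
        if not m:
            continue  # list items, comments, blank lines, scalars
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            section, current = key, None
            top_level = top_level or key == "permissions"
        elif section == "jobs" and indent == 2:
            current = key
            jobs[current] = False
        elif section == "jobs" and indent == 4 and key == "permissions" and current:
            jobs[current] = True
    if top_level:
        return []  # a top-level block applies to every job
    return [name for name, ok in jobs.items() if not ok]

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("partial", PARTIAL)):
        print(label, jobs_without_permissions(text))
```

The partial case shows why the top-level placement is the simpler fix: a job-level block covers only the job it is written under, so any job added later without one is flagged again.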

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@runtingt runtingt marked this pull request as ready for review August 15, 2025 18:49
@codecov-commenter

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (ed19a3f) to head (f3dd349).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

@@            Coverage Diff            @@
##              main        #6   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines          182       182           
=========================================
  Hits           182       182           
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@runtingt runtingt merged commit b4401f0 into main Aug 15, 2025
5 checks passed
@runtingt runtingt deleted the alert-autofix-2 branch August 15, 2025 19:04
runtingt added a commit that referenced this pull request Aug 15, 2025
Potential fix for code scanning alert no. 2: Workflow does not contain permissions