chore(ci): set explicit least-privilege workflow permissions

[arpitjain099]

Summary

• add an explicit permissions block to the CI workflow
• scope GITHUB_TOKEN to contents: read
• keep current build/lint/test pipeline unchanged

Why

Explicit token permissions enforce least privilege and make CI security intent auditable over time.

[netlify]

✅ Deploy Preview for vue-devtools-docs canceled.

Name	Link
🔨 Latest commit	ba1af4d
🔍 Latest deploy log	https://app.netlify.com/projects/vue-devtools-docs/deploys/6a04b15aa77ccb0008770729

[arpitjain099]

Hi @webfansplz, gentle ping on this. PR has been open for 4 days without review. I noticed you've been on the recent-merger side of recent merges in this repo. When you have a moment, would you mind giving it a quick look? No urgency. Happy to address any feedback.

[arpitjain099]

Hello, Following up on this since it's been a couple weeks. Happy to rebase or pare scope if useful. Thanks!

[pkg-pr-new]

Open in StackBlitz

@vue/devtools-applet

npm i https://pkg.pr.new/@vue/devtools-applet@1099

@vue/devtools-core

npm i https://pkg.pr.new/@vue/devtools-core@1099

@vue/devtools

npm i https://pkg.pr.new/@vue/devtools@1099

@vue/devtools-api

npm i https://pkg.pr.new/@vue/devtools-api@1099

@vue/devtools-kit

npm i https://pkg.pr.new/@vue/devtools-kit@1099

@vue/devtools-electron

npm i https://pkg.pr.new/@vue/devtools-electron@1099

@vue/devtools-shared

npm i https://pkg.pr.new/@vue/devtools-shared@1099

@vue/devtools-ui

npm i https://pkg.pr.new/@vue/devtools-ui@1099

vite-plugin-vue-devtools

npm i https://pkg.pr.new/vite-plugin-vue-devtools@1099

commit: ba1af4d