backport-trigger: Revise permissions based on sudden failures (#36)

Author: mjbond-msft

.github/workflows/backport-action.yml

@@ -46,9 +46,9 @@ jobs:
     # https://docs.opensource.microsoft.com/github/apps/permission-changes/
     # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
     permissions:
-      actions: read
+      actions: none
       contents: read
-      security-events: write
+      security-events: none
     env:
       # Protect against script injection attacks via input variables (i.e., the content of the variables could be executed at the time of evaluation/expansion within a script)
       # Scripts must consume the environment variable settings instead

.github/workflows/backport-trigger.yml

@@ -13,9 +13,9 @@ jobs:
     # https://docs.opensource.microsoft.com/github/apps/permission-changes/
     # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
     permissions:
-      actions: write
+      actions: none
       contents: read
-      security-events: write
+      security-events: none
     if: github.event.issue.pull_request != '' && startswith(github.event.comment.body, '@gitbot backport')
     outputs:
       target_branch: ${{ steps.parse_comment.outputs.target_branch }}