#11765: fix(ci): restrict GITHUB_TOKEN permissions in workflows
stale
Cluster: GitHub Actions CI Improvements
## Fix Summary
The main CI workflow (`ci.yml`) and two additional workflows (`install-smoke.yml`, `workflow-sanity.yml`) lack any top-level or job-level `permissions:` declaration. Without explicit restrictions, the `GITHUB_TOKEN` inherits the repository's default permissions (typically `write-all` on push events), granting CI jobs full write access to repository contents, packages, issues, and deployments when they only need read access. This violates the principle of least privilege and amplifies the blast radius of any supply chain compromise that executes code during CI (e.g., a compromised transitive dependency running a malicious postinstall script).
## Issue Linkage
Fixes #11763
## Security Snapshot
- CVSS v3.1: 8.1 (High)
- CVSS v4.0: 9.1 (Critical)
## Implementation Details
### Files Changed
- `.github/workflows/ci.yml` (+2/-0)
- `.github/workflows/install-smoke.yml` (+2/-0)
- `.github/workflows/workflow-sanity.yml` (+2/-0)
## Validation Evidence
- Command: `git -C worktrees/SC-05 grep -n "permissions: read-all" .github/workflows/ci.yml .github/workflows/install-smoke.yml .github/workflows/workflow-sanity.yml`
- Status: passed
## Risk and Compatibility
non-breaking; no known regression impact
## AI-Assisted Disclosure
GPT-5.3-Codex
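The weak and hardened workflow configurations the PR description contrasts, together with an audit that generalizes the `git grep` validation command above to any workflow directory. This is an added example, not code from PR #11765 or from the repository it modifies; the three sample workflows, the helper names and the temp directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from PR #11765 or the repository it modifies.
# Shows the weak and hardened workflow configurations side by side (as constructed
# sample files) and audits a workflow directory for the `permissions:` key.
# Helper names and the temp directory are assumptions for the demonstration.

# classify_workflow FILE -> prints one of:
#   TOP      workflow-level permissions: at column 0, inherited by every job
#   JOB      only job-level keys; jobs without their own still get the default token
#   MISSING  no permissions: key at all, the state this PR corrects
classify_workflow() {
  if grep -Eq '^permissions:' "$1"; then
    echo TOP
  elif grep -Eq '^[[:space:]]+permissions:' "$1"; then
    echo JOB
  else
    echo MISSING
  fi
}

# audit_workflow_permissions DIR -> one "STATUS path" line per workflow file.
# Returns 1 if any workflow is MISSING, so it can gate a CI check.
audit_workflow_permissions() {
  rc=0
  for f in "$1"/*.yml "$1"/*.yaml; do
    [ -f "$f" ] || continue
    status=$(classify_workflow "$f")
    echo "$status $f"
    if [ "$status" = MISSING ]; then rc=1; fi
  done
  return $rc
}

# make_sample_workflows -> writes three constructed workflows to a temp dir and prints its path
make_sample_workflows() {
  d=$(mktemp -d)
  # Weak: no permissions: key, so GITHUB_TOKEN gets the repository default.
  cat > "$d/weak.yml" <<'EOF'
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
EOF
  # Hardened as in the PR: every scope read-only, inherited by all jobs.
  cat > "$d/readall.yml" <<'EOF'
name: ci
on: [push, pull_request]
permissions: read-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
EOF
  # Tighter variant: only contents:read at workflow level; the one job that must
  # publish a release re-grants the single write scope it needs at job level.
  cat > "$d/scoped.yml" <<'EOF'
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
  publish:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ github.token }}
EOF
  echo "$d"
}

# Stand-alone run: `sh audit.sh --demo` audits the samples and exits 1 because weak.yml is MISSING.
if [ "${1:-}" = "--demo" ]; then
  audit_workflow_permissions "$(make_sample_workflows)"
fi
```

`read-all` still grants read access to every scope, including private repository contents and packages, so the `scoped.yml` pattern (`contents: read` at the workflow level, one write scope re-granted only on the job that needs it) is the stricter target once a workflow does need to write. The `JOB` status is a heuristic: the grep cannot tell whether every job declares its own block, so treat it as a manual-review result rather than a pass. Separately, the repository default the PR description cites depends on the repository or organization "Workflow permissions" setting; switching that to read-only gives the same baseline without editing each workflow, but an explicit top-level key keeps the workflow self-describing and immune to a later settings change.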
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR adds an explicit top-level `permissions: read-all` declaration to three GitHub Actions workflows (`ci.yml`, `install-smoke.yml`, `workflow-sanity.yml`) so the default `GITHUB_TOKEN` is restricted to read-only access. The workflows’ jobs (checkout, dependency install, and running tests/lint/sanity checks) do not appear to require any write-scoped GitHub API access, so constraining permissions at the workflow level aligns with least-privilege without changing the job logic.
<h3>Confidence Score: 5/5</h3>
- This PR is safe to merge with minimal risk.
- Changes are limited to GitHub Actions workflow permission scoping (`permissions: read-all`) and do not affect build/test commands or runtime behavior. The workflows shown only need repository read access (checkout + running local tooling), so tightening token permissions should not break them and improves security posture.
- No files require special attention
**Context used:**
- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))
Most Similar PRs
- #22578: CI: enforce explicit workflow token permissions · by Rohan5commit · 2026-02-21 · 87.0%
- #9474: fix: GitHub Actions not pinned to SHA digests in CI/CD workflows · by coygeek · 2026-02-05 · 81.0%
- #17452: ci: Grant write perms for Issues for formal-conformance.yml · by thesomewhatyou · 2026-02-15 · 78.9%
- #3885: Upgrade GitHub Actions to latest versions · by salmanmkc · 2026-01-29 · 76.5%
- #18924: fix(security): tighten permissions on cron/, browser/, settings/ dirs… · by rexlunae · 2026-02-17 · 74.4%
- #3884: Upgrade GitHub Actions for Node 24 compatibility · by salmanmkc · 2026-01-29 · 73.6%
- #22580: CI: pin workflow action refs to immutable SHAs · by Rohan5commit · 2026-02-21 · 73.4%
- #19191: fix(security): harden cron file permissions to 0o600 · by Kropiunig · 2026-02-17 · 71.8%
- #22250: ci: pin GitHub Actions to SHA and harden Dockerfiles · by novalis133 · 2026-02-20 · 71.6%
- #18954: fix(security): secure cron, browser, settings dirs in doctor --fix · by BinHPdev · 2026-02-17 · 71.1%