Potential fix for code scanning alert no. 1: Workflow does not contain permissions #2

Closed
morningstarxcdcode wants to merge 1 commit into main from alert-autofix-1

@morningstarxcdcode
Contributor

Potential fix for https://github.com/MStarRobotics/RSS2025/security/code-scanning/1

To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Based on the tasks performed in the workflow:

  • contents: read is required to read repository contents.
  • issues: write is required to interact with issues (e.g., searching and recognizing milestones).
  • pull-requests: write is required to interact with pull requests (e.g., adding labels).

The permissions block can be added at the root level of the workflow to apply to all jobs or within the greet job to limit permissions to that specific job.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@morningstarxcdcode morningstarxcdcode marked this pull request as ready for review June 26, 2025 16:13
@morningstarxcdcode morningstarxcdcode self-assigned this Jun 26, 2025

Copilot AI left a comment

Pull Request Overview

A concise update to grant explicit least-privilege permissions in the greetings workflow.

  • Adds a root-level permissions block for repository contents, issues, and pull requests.
  • Specifies contents: read, issues: write, and pull-requests: write.
  • Ensures the workflow aligns with GitHub Code Scanning recommendations.
Comments suppressed due to low confidence (1)

.github/workflows/greetings.yml:9

  • [nitpick] Consider scoping the permissions block to the greet job instead of the workflow root to further limit privileges to only the job that needs them.
permissions:

@morningstarxcdcode morningstarxcdcode added bug Something isn't working documentation Improvements or additions to documentation labels Jun 26, 2025
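
The two placements discussed in this thread, as an added example that is not taken from the repository's workflow file: the root-level block from the PR description is shown commented out, and the job-level scoping from the review nitpick is active. The workflow name, triggers, action and messages are assumptions; only the greet job name and the three permission scopes come from this page.

```yaml
# Constructed example: name, triggers, action version and messages are
# assumptions. Only the job name "greet" and the three scopes are from the PR.
name: Greetings

on: [pull_request_target, issues]

# Option A (what this PR proposes): a root-level block. Every job that does
# not declare its own permissions inherits these scopes, including jobs
# added to this workflow later.
# permissions:
#   contents: read
#   issues: write
#   pull-requests: write

# Option B (the reviewer's nitpick): grant nothing at the root, so a job
# added later starts with an empty GITHUB_TOKEN until it asks for scopes.
permissions: {}

jobs:
  greet:
    runs-on: ubuntu-latest
    # Job-level block: scopes not listed here are set to none for this job.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      - uses: actions/first-interaction@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          issue-message: "Thanks for opening your first issue."
          pr-message: "Thanks for opening your first pull request."
```

With a single job the effective token is the same under both options; the difference only shows once a second job is added to the workflow.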