For enhanced security, set explicit permissions for GitHub workflows. This applies to both the primary "caller" workflows and the reusable "callee" workflows they invoke (this repo hosts popular reusable "callee" workflows).

This approach aligns with security best practices, as detailed in the following documentation:

• https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes
• https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/

CC @FranzBusch @ktoso

• soundness.yml
• swift_package_test.yml
• pull_request.yml
• performance_test.yml
• create_automerge_pr