Set GITHUB_TOKEN permissions to read only in OpenAPI workflow

.github/workflows/openapi.yml

@@ -9,6 +9,7 @@ jobs:
   openapi-head:
     name: OpenAPI - HEAD
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
@@ -34,6 +35,7 @@ jobs:
     name: OpenAPI - BASE
     if: ${{ github.base_ref != '' }}
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2