Harden GITHUB_TOKEN permissions

Signed-off-by: Craig Ingram <cjingram@google.com>

.github/workflows/release.yml

@@ -8,6 +8,9 @@ name: Containerd Release
 env:
   GO_VERSION: '1.19.2'
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   check:
     name: Check Signed Tag
@@ -123,6 +126,8 @@ jobs:
 
   release:
     name: Create containerd Release
+    permissions:
+      contents: write
     runs-on: ubuntu-20.04
     timeout-minutes: 10
     needs: [build, check]