Limit the scope of GITHUB_TOKEN to only have write access to packages
and read access to metadata. By default it seems to be granted access
equal to that of the github.actor that triggered the workflow, which
may include access to more than the workflow needs.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
323a62d7b9