GitHub Workflows security hardening (#1162)

.github/workflows/validate.yml

@@ -12,6 +12,10 @@ on:
  - 'alpha'
  - '!all-contributors/**'
  pull_request: {}
+permissions:
+ actions: write # to cancel/stop running workflows (styfle/cancel-workflow-action)
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
  main:
  continue-on-error: ${{ matrix.react != 'latest' }}
@@ -58,6 +62,10 @@ jobs:
  flags: ${{ matrix.react }}
 
  release:
+ permissions:
+ actions: write # to cancel/stop running workflows (styfle/cancel-workflow-action)
+ contents: write # to create release tags (cycjimmy/semantic-release-action)
+
  needs: main
  runs-on: ubuntu-latest
  if: