fix(ci): add explicit permissions blocks to workflow wrappers

Fixes CodeQL alert: workflow does not limit GITHUB_TOKEN permissions.

Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>

Author: jimisola

.github/workflows/build-docs.yml

@@ -10,6 +10,9 @@ on:
     paths:
       - "docs/**"
 
+permissions:
+  contents: read
+
 jobs:
   build:
     uses: reqstool/.github/.github/workflows/common-build-docs.yml@main

.github/workflows/check-semantic-pr.yml

@@ -3,6 +3,9 @@ on:
   pull_request:
     types: [opened, edited, synchronize, reopened]
 
+permissions:
+  pull-requests: read
+
 jobs:
   check:
     uses: reqstool/.github/.github/workflows/common-check-semantic-pr.yml@main