reduced actions permissions

from the repository settings (read-only permission by default and run only verified actions).
These changes are those required to avoid breaking existing workflows

.github/workflows/alpha.yml

@@ -18,11 +18,12 @@ env:
   TAG: alpha
   ZIP: app-alpha.zip
 
+permissions:
+  contents: write # need to update tag and release
+
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
     steps:
       - name: Get the repository files
         uses: actions/checkout@v3
@@ -45,7 +46,7 @@ jobs:
             assemble${{ env.VARIANT }}
 
       - name: Zip ${{ env.VARIANT }} apk as ${{ env.ZIP }}
-        # just remove the password here if you want to build the apk yourself
+        # just remove the password here if you want to build the apk yourself instead of sponsoring me and getting it as a benefit :(
         run: zip -j -P ${{ secrets.ALPHA_PASS }} ${{ env.ZIP }} app/build/outputs/apk/${{ env.VARIANT }}/app-${{ env.VARIANT }}.apk
 
       - name: Update ${{ env.TAG }} tag to current commit

.github/workflows/assets-updater.yml

@@ -10,8 +10,8 @@ on:
   workflow_dispatch:
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: write # need to update branches
+  pull-requests: write # need to create PRs
 
 env:
   workingBranch: assets-updater-action

.github/workflows/latest.yml

@@ -12,6 +12,8 @@ env:
   TAG: latest
   SHIELDS: shields.json
 
+permissions:
+  contents: write # need to update tag and release
 
 # Workflow in ubuntu
 jobs: