Tighten permissions for GitHub Actions

Author: tomkins

.github/workflows/ci.yml

@@ -3,6 +3,7 @@ on: pull_request
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
+permissions: {}
 jobs:
   matrix:
     name: Build test matrix

.github/workflows/publish.yml

@@ -5,6 +5,8 @@ on:
     tags:
       - "*"
 
+permissions: {}
+
 jobs:
   build:
     name: Build packages
@@ -61,7 +63,6 @@ jobs:
       url: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}
     permissions:
       contents: write
-      id-token: write
 
     steps:
       - name: Download packages