MarkBind / markbind

MarkBind is a tool for generating content-heavy websites from source files in Markdown format
https://markbind.org/
MIT License

Improve security of GitHub Actions workflows #2510

Closed (KevinEyo1 closed 5 months ago)

KevinEyo1 commented 5 months ago

What is the purpose of this pull request?

Overview of changes: Fixes #2488. Refactor code and improve security of workflows based on research on security best practices.

Anything you'd like to highlight/discuss: Removed explicit stating of GITHUB_TOKEN in ci.yml; not sure if there is a need for it, as there is no documentation of why it was added.

Testing instructions:

Proposed commit message: (wrap lines at 72 characters)

GitHub Actions: improve security

Security best practices need to be enforced to ensure no avenues of attack and security breaches.

Let's update the workflows following security best practices, particularly restricting permissions to read permissions.


Checklist: :ballot_box_with_check:


Reviewer checklist:

Indicate the SEMVER impact of the PR:

At the end of the review, please label the PR with the appropriate label: r.Major, r.Minor, r.Patch.

Breaking change release note preparation (if applicable):

Give a brief explanation note about:

  • what was the old feature that was made obsolete
  • any replacement feature (if any), and
  • how the author should modify his website to migrate from the old feature to the replacement feature (if possible).
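The least-privilege pattern the commit message describes (read-only token by default, no explicit GITHUB_TOKEN in the environment), as an added example rather than the PR's actual ci.yml. The workflow name, job names, Node version and the label-check script are constructed for illustration; the one-r.*-label rule mirrors the behaviour the author reports testing below.

```yaml
# Added example, not MarkBind's own ci.yml. Job names and the label check
# are constructed to illustrate workflow-level read-only permissions.
name: CI

on:
  pull_request:
  push:
    branches: [master]

# Default for every job: a read-only token. Any job that needs more scope
# must declare it explicitly at job level, where it is visible in review.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    # Inherits the read-only default. actions/checkout uses the workflow
    # token (github.token) implicitly, so exposing it via
    # `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is unnecessary.
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 18
      - run: npm ci
      - run: npm test

  check-semver-label:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    # The label list comes from the event payload, not from an API call,
    # so this job needs no token scope at all. Job-level `permissions`
    # replaces the workflow default rather than adding to it.
    permissions: {}
    steps:
      - name: Require exactly one of r.Major, r.Minor, r.Patch
        env:
          # toJson prints one label per line, which grep -c then counts.
          LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
        run: |
          count=$(printf '%s\n' "$LABELS" | grep -c -E '"r\.(Major|Minor|Patch)"' || true)
          if [ "$count" -ne 1 ]; then
            echo "Expected exactly one SEMVER impact label, found $count"
            exit 1
          fi
```

With no impact label or with two selected the check fails; with a single r.* label it passes, while neither job ever holds a write-scoped token.
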

KevinEyo1 commented 5 months ago

Test ci.yml: Passes tests

Test description body:

  • Removed description, check runs and fails.
  • Add back and check runs and passes.

Test PR Merge Updated job runs:

  • No impact selected and fails
  • 2 impacts selected and fails
  • r.Major selected and passes

codecov[bot] commented 5 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 51.00%. Comparing base (ff8e9b1) to head (8b185c3).

:exclamation: Current head 8b185c3 differs from pull request most recent head b199f86. Consider uploading reports for the commit b199f86 to get more accurate results.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##           master    #2510     +/-   ##
=======================================
  Coverage   51.00%   51.00%
=======================================
  Files         124      124
  Lines        5384     5384
  Branches     1162     1162
=======================================
  Hits         2746     2746
  Misses       2348     2348
  Partials      290      290
```
