ci: update workflows and github token permissions

[tbouffard]

This update lets reduce the GITHUB_TOKEN default permissions to READ:

• publish to production: no need to update the commit status with a deployment status information. In addition, the GH Token didn't have the permission to update the commit status. Some errors were displayed in the GH Actions logs
• update theme bundle: give write permissions to create the PR

Covers #497

Notes

This PR applies to this repository the same configuration as we already did for documentation content repositories: see #443

Documentation of the actions that miss some permissions

• create-pull-request: update-theme-bundle: give write permissions to create the PR
• netlify: https://github.com/nwtgck/actions-netlify#optional-inputs

Previous error with the netlify actions

The error was logged but didn't fail the build

RequestError [HttpError]: Resource not accessible by integration
at /home/runner/work/_actions/nwtgck/actions-netlify/v2.0/dist/index.js:10385:21
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
status: 403,
response: {
url: 'https://api.github.com/repos/bonitasoft/bonita-documentation-site/statuses/88a43d0b02af8bab6f942a20792f39bd45b57c8e',
status: 403,
…
},
data: {
message: 'Resource not accessible by integration',
documentation_url: 'https://docs.github.com/rest/commits/statuses#create-a-commit-status'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/bonitasoft/bonita-documentation-site/statuses/88a43d0b02af8bab6f942a20792f39bd45b57c8e',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-core.js/3.6.0 Node.js/16.16.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"context":"Netlify","description":"Netlify deployment","state":"success","target_url":"https://documentation.bonitasoft.com/"}',
request: { agent: [Agent], hook: [Function: bound bound register] }
}

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information