
Improve security of GitHub Actions workflows #2510

Merged
merged 47 commits into from
Apr 16, 2024

Conversation

KevinEyo1
Contributor

@KevinEyo1 KevinEyo1 commented Apr 9, 2024

What is the purpose of this pull request?

  • Documentation update
  • Bug fix
  • Feature addition or enhancement
  • Code maintenance
  • DevOps
  • Improve developer experience
  • Others, please explain:

Overview of changes:
Fixes #2488
Refactor code and improve security of workflows based on research on security best practices

Anything you'd like to highlight/discuss:
Removed explicit stating of GITHUB_TOKEN in ci.yml; not sure if there is a need for it, as there is no documentation of why it was added.

Testing instructions:

Proposed commit message: (wrap lines at 72 characters)
GitHub Actions: improve security

Security best practices need to be enforced to ensure no avenues
of attack and security breaches.

Let's update the workflows following security best practices,
particularly restricting permissions to read permissions.

Checklist: ☑️

  • Updated the documentation for feature additions and enhancements
  • Added tests for bug fixes or features
  • Linked all related issues
  • No unrelated changes

Reviewer checklist:

Indicate the SEMVER impact of the PR:

  • Major (when you make incompatible API changes)
  • Minor (when you add functionality in a backward compatible manner)
  • Patch (when you make backward compatible bug fixes)

At the end of the review, please label the PR with the appropriate label: r.Major, r.Minor, r.Patch.

Breaking change release note preparation (if applicable):

  • To be included in the release note for any feature that is made obsolete/breaking

Give a brief explanation note about:

  • what was the old feature that was made obsolete
  • any replacement feature (if any), and
  • how the author should modify his website to migrate from the old feature to the replacement feature (if possible).
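As an added example of the pattern the commit message describes (the workflow token limited to read access, with a write scope granted only to the one job that needs it); this is not MarkBind's own ci.yml or pr-merge.yml, and the job names, steps and label name are assumptions:

```yaml
# Added example, not the project's workflow. Shows a workflow-level read-only
# token with a single job-level escalation.
name: ci

on:
  push:
    branches: [master]
  pull_request:

# Workflow-level default for every job's GITHUB_TOKEN. Without this block the
# token inherits the repository's default permissions, which on older
# repositories is read/write on every scope.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      - run: npm test
      # Deliberately no `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` on the
      # run steps: the actions above read github.token themselves, so exporting
      # it to every shell step only widens where the token can end up.

  label:
    # The only job that writes, and only the scope it needs. Adding a
    # job-level `permissions` replaces the workflow-level block for this job,
    # so `contents` is back to none here, which is fine for `gh pr edit`.
    needs: test
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - env:
          GH_TOKEN: ${{ github.token }}   # passed only to the step that uses it
          GH_REPO: ${{ github.repository }}
          PR: ${{ github.event.pull_request.number }}
        # "r.Patch" is an illustrative label name, not the project's logic.
        run: gh pr edit "$PR" --add-label "r.Patch"
```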

KevinEyo1 and others added 30 commits January 29, 2024 13:25
This reverts commit 936dadc.
@KevinEyo1 KevinEyo1 marked this pull request as ready for review April 9, 2024 09:08
@KevinEyo1
Contributor Author

KevinEyo1 commented Apr 10, 2024

Test ci.yml:
Passes tests
Test description body:
Removed description, check runs and fails. Add back and check runs and passes.
Test PR Merge
Updated job runs
No impact selected and fails
2 impacts selected and fails
r.Major selected and passes


codecov bot commented Apr 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.00%. Comparing base (ff8e9b1) to head (8b185c3).

❗ Current head 8b185c3 differs from pull request most recent head b199f86. Consider uploading reports for the commit b199f86 to get more accurate results

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2510   +/-   ##
=======================================
  Coverage   51.00%   51.00%           
=======================================
  Files         124      124           
  Lines        5384     5384           
  Branches     1162     1162           
=======================================
  Hits         2746     2746           
  Misses       2348     2348           
  Partials      290      290           


Contributor

@yucheng11122017 yucheng11122017 left a comment

Thanks for the work @KevinEyo1! This is pretty awesome - thank you for doing the research and implementing this.
Just one small nit and I think we should be good to go.

Contributor

@kaixin-hc kaixin-hc left a comment

LGTM!

I amended the PR message slightly - I think "Make updates for security" is super vague, so I added that mainly what was done was restrict permissions to read. Can the merger amend it if there are other details I missed?

Contributor

@yucheng11122017 yucheng11122017 left a comment

LGTM!

@yucheng11122017 yucheng11122017 merged commit f1c365c into MarkBind:master Apr 16, 2024
7 checks passed
@github-actions github-actions bot added the r.Patch Version resolver: increment by 0.0.1 label Apr 16, 2024