build: harden rebase.yml permissions

Signed-off-by: Alex <[email protected]>

Author: sashashura

.github/workflows/rebase.yml

@@ -2,8 +2,13 @@ name: Automatic Rebase
 on:
   issue_comment:
     types: [created]
+permissions: {}
 jobs:
   rebase:
+    permissions:
+      contents: write # to push code to rebase (cirrus-actions/rebase)
+      pull-requests: read # to get info about PR (cirrus-actions/rebase)
+
     name: Rebase
     if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
     runs-on: ubuntu-latest