Potential fix for code scanning alert no. 1: Workflow does not contain permissions

[morningstarxcdcode]

Potential fix for https://github.com/MStarRobotics/Research/security/code-scanning/1

To fix the problem, add a permissions block to the workflow to restrict the GITHUB_TOKEN to only the permissions required by the actions/first-interaction@v1 action. This action needs to be able to write comments on issues and pull requests, so the minimal permissions required are issues: write and pull-requests: write. The permissions block can be added at the top level of the workflow (applies to all jobs), or at the job level. The best practice is to add it at the top level unless different jobs require different permissions. In this case, since there is only one job, add the following at the top level, after the name field and before on:

permissions:
  issues: write
  pull-requests: write

No additional imports or definitions are needed.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[Copilot]

Pull Request Overview

This PR addresses a security code scanning alert by adding minimal required permissions to the GitHub workflow. The change restricts the GITHUB_TOKEN to only the permissions needed by the actions/first-interaction@v1 action.

• Adds a permissions block with issues: write and pull-requests: write permissions
• Follows security best practice of granting minimal necessary permissions to workflows