docker security hardening with workflow permissions

[fuxingloh]

For security hardening should add permission.

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs https://docs.github.com/en/rest/reference/permissions-required-for-github-apps

Originally posted by @fuxingloh in https://github.com/DeFiCh/jellyfish/pull/1092#r815676069

/triage accepted /assign @kodemon /kind feature /area apps workflow

[fuxingloh]

Low priority