Potential fix for code scanning alert no. 257: Workflow does not contain permissions

[sxd]

Potential fix for https://github.com/cloudnative-pg/postgis-containers/security/code-scanning/257

To fix the issue, we will add a permissions block to the image-catalog job. This block will explicitly define the minimal permissions required for the job to function correctly. Based on the operations performed in the job:

• contents: write is needed to push updates to the repository.
• actions: read is required to download artifacts.
• contents: read is needed to read repository files.

The permissions block will be added at the job level to limit its scope to the image-catalog job.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.