chai min

This modify follows the [scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)'s recommendations.

Declare default permissions as read-only for all jobs in the workflow to follow the principle of least privilege. This enhances security by limiting the permissions available to the actions run...

Hi! This PR restricts permissions on the pipeline, following [the best security practices](https://docs.github.com/en/actions/reference/security/secure-use#use-secrets-for-sensitive-information) recommended by GitHub.