fix(.github): ghcr.io rate-limit mitigation

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

.github/workflows/ci.yml

@@ -14,6 +14,7 @@ concurrency:
 
 permissions:  
   contents: read
+  packages: read
   
 jobs:
   fetch-version:

.github/workflows/master.yaml

@@ -3,6 +3,10 @@ on:
   push:
     branches: [master]
 
+permissions:  
+  contents: read
+  packages: read
+
 # Checks if any concurrent jobs is running for master CI and eventually cancel it
 concurrency:
   group: ci-master

.github/workflows/release.yaml

@@ -3,6 +3,10 @@ on:
   release:
     types: [published]
 
+permissions:  
+  contents: read
+  packages: read
+
 # Checks if any concurrent jobs is running for release CI and eventually cancel it.
 concurrency:
   group: ci-release

.github/workflows/reusable_test_packages.yaml

@@ -23,6 +23,7 @@ on:
 
 permissions:  
   contents: read
+  packages: read
   
 jobs:
   test-packages:
@@ -56,6 +57,10 @@ jobs:
       - name: Run tests
         env:
           LSAN_OPTIONS: "intercept_tls_get_addr=0"
+          # Authenticate to GitHub Container Registry to pull falcoctl image
+          # This is a temporary mitigation for the rate limiting issue
+          # See https://github.com/falcosecurity/rules/issues/331
+          FALCOCTL_REGISTRY_AUTH_BASIC: ghcr.io,${{ github.actor }},${{ github.token }}
         uses: falcosecurity/testing@main
         with:
           test-falco: 'true'