workflow: Add top-level permissions

Set:
```
permissions:
  contents: read
```
as the default top-level permissions explicitly
to conform to recommended security practices e.g.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

.github/workflows/ci-devel.yaml

@@ -2,6 +2,9 @@ name: Kata Containers CI (manually triggered)
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   kata-containers-ci-on-push:
     permissions: