[StepSecurity] ci: Harden GitHub Actions

[step-security-bot]

Summary

This is an automated pull request generated by Secure Workflows at the request of @jbampton. Please merge the Pull Request to incorporate the requested changes. Please tag @jbampton on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The least privilged token permissions were calculate using Secure WorkFlows based on the actions included in the GitHub Workflow files. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).

• GitHub Security Guide
• The Open Source Security Foundation (OpenSSF) Security Guide

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-workflows or contact us via our website.

[boring-cyborg]

Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md)
Here are some useful points:

• In case of a new feature add useful documentation (raise doc PR at https://github.com/apache/cloudstack-documentation)
• Be patient and persistent. It might take some time to get a review or get the final approval from the committers.
• Pay attention to the quality of your code, ensure tests are passing and your PR doesn't have conflicts.
• Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Issues, Mailing list and Slack.
• Be sure to read the CloudStack Coding Conventions.
  Apache CloudStack is a community-driven project and together we are making it better 🚀.
  In case of doubts contact the developers at:
  Mailing List: dev@cloudstack.apache.org (https://cloudstack.apache.org/mailing-lists.html)
  Slack: https://apachecloudstack.slack.com/

[codecov]

Codecov Report

Merging #6802 (18c104a) into main (4e2f461) will increase coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #6802   +/-   ##
=========================================
  Coverage     10.52%   10.52%           
- Complexity     6782     6785    +3     
=========================================
  Files          2464     2464           
  Lines        244168   244168           
  Branches      38205    38205           
=========================================
+ Hits          25692    25705   +13     
+ Misses       215243   215228   -15     
- Partials       3233     3235    +2     

Impacted Files	Coverage Δ
...rg/apache/cloudstack/quota/QuotaStatementImpl.java	40.26% <0.00%> (+3.98%)	⬆️
...dstack/network/contrail/model/ModelObjectBase.java	28.84% <0.00%> (+7.69%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[boring-cyborg]

Awesome work, congrats on your first merged pull request!