
Potential fix for code scanning alert no. 10: Workflow does not contain permissions #1459

Draft

Trouffman wants to merge 4 commits into master from alert-autofix-10


Conversation

@Trouffman (Collaborator) commented May 2, 2026

Potential fix for https://github.com/DistroAV/DistroAV/security/code-scanning/10

Add an explicit top-level permissions block in .github/workflows/build-project.yaml so all jobs in this reusable workflow get least-privilege token scopes by default.

Best single fix without changing functionality:

  • Insert permissions: contents: read at workflow root, directly after the on: section (before jobs:).
  • This satisfies CodeQL’s minimum recommendation and supports current steps (checkout, cache, artifact upload) which do not require write access to repository contents.
  • No imports, methods, or dependencies are needed (YAML config only).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Additional review & checks:

Build-Project Workflow:

contents: read
    Required for actions/checkout@v6 to fetch the repository code (and submodules, if private).

pull-requests: read
    In the check-event job, pull_request events seem to require PR read permission.

actions: read
    Required by actions/cache/* (restore/save) and actions/upload-artifact@v7 to interact with the Actions service (cache/artifacts).
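For readers who want to see the shape the description is asking for, here is an added illustration of a reusable workflow with the top-level block in place. It is not the project's actual build-project.yaml: the workflow_call trigger, the job names, the cache key and the build step are assumptions, and the only things taken from the page are the file path, the three read scopes and the action references (actions/checkout@v6, actions/cache, actions/upload-artifact@v7).

```yaml
# .github/workflows/build-project.yaml (illustrative; job names, steps and the
# workflow_call trigger are assumptions, not the project's real file)
name: Build Project

on:
  workflow_call:

# Without this block the GITHUB_TOKEN gets the repository's default workflow
# permissions, which may be read/write on every scope. With it, every job
# inherits exactly these scopes and every scope not listed becomes "none".
permissions:
  contents: read        # actions/checkout needs this to fetch the repo
  pull-requests: read   # the check-event job reads PR metadata on pull_request
  actions: read         # scope the PR description lists for cache/artifact steps

jobs:
  check-event:
    runs-on: ubuntu-latest
    steps:
      - name: Report event  # assumed step; the real job is not shown on the page
        run: echo "event=${{ github.event_name }}"

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          submodules: recursive
      - uses: actions/cache@v4
        with:
          path: ~/.cache/build
          key: build-${{ runner.os }}-${{ hashFiles('**/CMakeLists.txt') }}
      - run: ./build.sh   # assumed build step
      - uses: actions/upload-artifact@v7
        with:
          name: build-output
          path: build/

  # A job that genuinely needs to write (publishing a release, for example)
  # declares its own job-level block instead of widening the workflow default.
  # In a reusable workflow a job can only narrow what the caller granted, never
  # exceed it, so the caller must also hold contents: write for this to work.
  # release:
  #   permissions:
  #     contents: write
```

Two checks worth doing before merging a change like this: confirm that no step in any job uses the token for writes (pushing tags, commenting on PRs, publishing packages), since those now fail with a 403 rather than silently succeeding; and, because this is a reusable workflow, confirm that every caller grants at least the scopes listed here, otherwise the called jobs run with less than they declare.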

Trouffman and others added 4 commits May 2, 2026 13:16
…in permissions

This aims to address a security trigger and prepare for tighter security practice.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Add permissions for content read access in workflow: check-format