docs: explain github permissions

.github/workflows/build_push_image.yml

@@ -14,8 +14,8 @@ on:
 jobs:
   build_push_android:
     permissions:
+      # Allow to write packages to push the container image to the Github Container Registry
       packages: write
-      contents: read
     runs-on: ubuntu-22.04
     env:
       IMAGE_REPOSITORY_NAME: flutter-android

.github/workflows/pr_image.yml

@@ -11,11 +11,11 @@ on:
 jobs:
   test_image:
     permissions:
+      # Allow to write packages for the docker/scout-action to write a comment
       packages: write
-      contents: read
-      # pull-requests write permission is needed for the docker/scout-action to write a comment
+      # Allow to write pull requests for the docker/scout-action to write a comment
       pull-requests: write
-      # security-events write permission is needed for github/codeql-action/upload-sarif to upload SARIF results
+      # Allow to write security events for github/codeql-action/upload-sarif to upload SARIF results
       security-events: write 
     runs-on: ubuntu-22.04
     env:

.github/workflows/update_flutter_dependencies.yml

@@ -12,6 +12,7 @@ jobs:
     permissions:
       # Enable OIDC token because Gitsign creates keys based on the GitHub runner OIDC credentials
       # id-token: write
+      # Allow to write contents to push commits
       contents: write
       # Allow to read packages to pull the container image from GitHub Container Registry
       packages: read

.github/workflows/update_flutter_version.yml

@@ -7,7 +7,9 @@ jobs:
     permissions:
       # Enable OIDC token because Gitsign creates keys based on the GitHub runner OIDC credentials
       # id-token: write
+      # Allow to write contents to push commits
       contents: write
+      # Allow to write pull requests to push commits and write comments
       pull-requests: write
     runs-on: ubuntu-22.04
     steps: