Restrict GitHub Actions token permissions

Add explicit workflow-level contents: read permissions to the
legacy test and coveralls workflows so code scanning no longer
flags the default GITHUB_TOKEN scope as unspecified.

Author: evolve75

.github/workflows/coveralls.yml

@@ -10,6 +10,8 @@
 
 name: Test Coveralls
 on: ["push", "pull_request"]
+permissions:
+  contents: read
 
 env:
   COVERAGE: true

.github/workflows/ruby.yml

@@ -4,6 +4,8 @@
 
 name: Build and Test
 on: [push, pull_request]
+permissions:
+  contents: read
 jobs:
   test:
     strategy: