[chores] Followed principle of least privilege

Moved pr write permission to caller from find-pr

Author: stktyagi

.github/workflows/bot-ci-failure.yml

@@ -7,7 +7,7 @@ on:
       - completed
 
 permissions:
-  pull-requests: write
+  pull-requests: read
   actions: read
   contents: read
 
@@ -36,7 +36,8 @@ jobs:
             local pr_author
             pr_author=$(gh pr view "$pr_number" --repo "$REPO" --json author --jq '.author.login' 2>/dev/null || echo "")
             if [ -z "$pr_author" ]; then
-              echo "::warning::Could not fetch PR author for PR #$pr_number"
+              pr_author="${{ github.event.workflow_run.actor.login }}"
+              echo "::warning::Could not fetch PR author for PR #$pr_number; falling back to @$pr_author"
             fi 
             echo "number=$pr_number" >> "$GITHUB_OUTPUT"
             echo "author=$pr_author" >> "$GITHUB_OUTPUT"
@@ -68,6 +69,10 @@ jobs:
   call-ci-failure-bot:
     needs: find-pr
     if: ${{ needs.find-pr.outputs.pr_number != '' }}
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: write
     uses: openwisp/openwisp-utils/.github/workflows/reusable-bot-ci-failure.yml@master
     with:
       pr_number: ${{ needs.find-pr.outputs.pr_number }}