ci: move workflow permissions to job level

Move 'contents: read' permission from workflow level to individual
job level for better clarity and following the principle of least
privilege. Each job now explicitly declares its required permissions.

Author: nanotaboada

.github/workflows/dotnet.yml

@@ -3,9 +3,6 @@
 
 name: .NET CI
 
-permissions:
-  contents: read
-
 on:
   push:
     branches: [ "master" ]
@@ -19,6 +16,8 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.1
@@ -45,6 +44,8 @@ jobs:
   test:
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.1
@@ -79,6 +80,8 @@ jobs:
   coverage:
     needs: test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       matrix:
         service: [codecov, codacy]