fix: restrict top-level permissions in dependabot-auto-merge.yml (Scorecard #55)

Move contents/pull-requests write to job-level only; top-level set to
read-all so Scorecard TokenPermissionsID is satisfied

Author: jovanSAPFIONEER

.github/workflows/dependabot-auto-merge.yml

@@ -2,14 +2,15 @@ name: Dependabot auto-merge
 
 "on": pull_request
 
-permissions:
-  contents: write
-  pull-requests: write
+permissions: read-all
 
 jobs:
   auto-merge:
     runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Fetch Dependabot metadata
         id: metadata