Restrict the GitHub token permissions only to the required ones, i.e.
just read-only access to the code.
This is done in order to reduce the potential harm in case of a
malicious pull request, see GitHub blog post at
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes#22574.
These files use TABs for indentation, so the standard check doesn't work
for them (and it doesn't seem worth having a special check just for
them neither, so simply don't check them at all).
Add missing ":" in the beginning of Git pathspecs to make the exclusions
really work.
Also add entries for Makefile.in, which is not caught by **/*akefile*,
and other files in the root directory containing hard TABs.
Running it using Python 2 seems to result in a problem with not matching
an exclusion line with non-ASCII character, which works fine with Python
3 locally.
