Restrict GITHUB_TOKEN in markdownlint action (#61622)

Currently, Actions in the dotnet/runtime repository have read/write
access by default, unless their permissions have been explicitly declared.

The markdownlint workflow can be restricted from all access except the
repository contents. This limits what the 3rd party `markdownlint-cli`
npm package can do which is installed as part of the workflow.

Author: vcsjones

.github/workflows/markdownlint.yml

@@ -1,5 +1,8 @@
 name: Markdownlint
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     paths: