ci: add minimal permissions to workflows bump.yml and release.yml#245

Merged
alex merged 1 commit into certifi:master from diogoteles08:ci/add-minimal-permissions-on-workflows
Sep 7, 2023
Conversation

@diogoteles08
Contributor

Hi! I'm Diogo and I work on the same team as Joyce, who created the issues #217, #221 and #227.

I'm creating this PR with changes following the exact same idea proposed in issue #217, but applying the idea to the workflows that were created after that. As Joyce explained, setting minimal permissions prevents any sort of exploitation in case some of those actions get malicious changes.

As I understand it's tough to always stay aligned with all those tricky security details, I'll take the liberty to suggest some tips that may help to keep them up.

  1. For the specific point of Workflow Permissions, I'd recommend you change (if you haven't already) the repository configuration to set the default permissions to read-only. In this case, if you create any new workflow and forget to explicitly declare the permissions, it would run with read-only permissions and any action that requires write permissions would fail.

  2. I'd also recommend that you consider using the OpenSSF Scorecard Action. Scorecard uses GitHub's public API to gather public information about your project and runs a sort of "meta-analysis" of the project's security posture. The Action then populates the project's Security Panel with possible improvements to its security posture. It's especially helpful to ensure you won't regress on the security measures you have already adopted. Additionally, the tool integrates with the OSV Scanner, which evaluates the project's transitive dependencies looking for known vulnerabilities. Let me know if you have interest and I'll be happy to send a PR adding it.

Cheers,

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
@alex alex merged commit 7f0e639 into certifi:master Sep 7, 2023
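The least-privilege pattern this PR applies, shown as an added illustration rather than the PR's actual diff (the real contents of certifi's bump.yml and release.yml are not on this page). The two YAML documents below are two versions of one hypothetical release workflow: the "before" has no `permissions:` block and so inherits the repository default, while the "after" sets a read-only default for the whole workflow and lets only the job that truly needs it elevate the specific scopes it uses. Action names and the PyPI publishing step are assumptions chosen for the example.

```yaml
# Added example, not the repository's own workflow files.
#
# BEFORE: no `permissions:` key. Every job gets the repository default token,
# which on many repositories is read/write on all scopes, so any step that
# runs compromised action code could push commits or tags with GITHUB_TOKEN.
name: release (before)
on:
  push:
    tags: ["*"]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: python -m build

---
# AFTER: explicit workflow-wide read-only default, with a job-level override
# only where write access is genuinely required.
name: release (after)
on:
  push:
    tags: ["*"]

# Workflow-level default: every job gets read access to repository contents
# and nothing else. A forgotten job-level block now fails closed.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    # A job-level `permissions:` block REPLACES the workflow-level one, so it
    # must list every scope this job needs: an OIDC token for PyPI trusted
    # publishing, and contents write to create the GitHub release. The
    # `build` job above keeps the read-only default.
    permissions:
      id-token: write
      contents: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
```

This complements the repository-level recommendation in the PR description: under Settings, Actions, General, "Workflow permissions" can be set to read-only so that any new workflow lacking an explicit `permissions:` block starts with the restrictive default, and a job that needs more must say so in the file where reviewers can see it.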