.github/workflows/lint_pr_labels.yml doesn't declare permissions and thus doesn't work in paranoid forks

[jsoref]

Describe the bug

When I go to https://github.com/check-spelling-sandbox/decidim/actions/runs/7845617160/job/21410458259 I see an ❌ and

github.GithubException.GithubException: 403 {"message": "Resource not accessible by integration", "documentation_url": "https://docs.github.com/rest/pulls/reviews#create-a-review-for-a-pull-request"}

To Reproduce

1. Create an org
2. https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-the-default-github_token-permissions -- ensure that you're set to readonly permissions
3. Fork this repository
4. Create a PR within your fork

Expected behavior

.github/workflows/lint_pr_labels.yml should run w/o triggering any errors.

Screenshots

No response

Stacktrace

Valid labels are: ['type: feature', 'type: change', 'type: fix', 'type: removal', 'target: developer-experience', 'type: internal']
Invalid labels are: ['type: bug']
PR reviews are: enabled
Pull request number: 1
This pull request does not contain invalid labels
This pull request contains the following valid labels: ['type: fix']
All labels are OK in this pull request
Traceback (most recent call last):
  File "/verify_pr_lables.py", line 264, in <module>
    pr.create_review(event='APPROVE')
  File "/usr/local/lib/python3.6/site-packages/github/PullRequest.py", line 485, in create_review
    "POST", self.url + "/reviews", input=post_parameters
  File "/usr/local/lib/python3.6/site-packages/github/Requester.py", line 31[9](https://github.com/check-spelling-sandbox/decidim/actions/runs/7845617160/job/21410458259#step:3:10), in requestJsonAndCheck
    verb, url, parameters, headers, input, self.__customConnection(url)
  File "/usr/local/lib/python3.6/site-packages/github/Requester.py", line 342, in __check
    raise self.__createException(status, responseHeaders, output)
github.GithubException.GithubException: 403 {"message": "Resource not accessible by integration", "documentation_url": "https://docs.github.com/rest/pulls/reviews#create-a-review-for-a-pull-request"}

Extra data

• Device OS: Ubuntu 22.04.3 LTS
• Decidim Version: HEAD

Additional context

Workflows should declare their required permissions in order to play nicely.

I'm happy to make a PR for this (but not this week).

(I have a very large PR pending, but I'm trying to get it green before I post it.)

👋

[alecslupu]

hello @jsoref , feel free to add the pr regarding the linter.

[alecslupu]

@jsoref I have seen this PR. check-spelling-sandbox#1

Nice! I have seen there are some checks that needs to be done in translations and also in ruby variable names. Also, we change only the english translations, whereas the other translations are being handled using Crowdin. So that PR may never pass iin it's current form.
Also considering the high error rate, maybe f it would be better for us handling the variable changes ?

@andreslucena could you step in?

[jsoref]

My goal, of course, would be to get a PR that passed CI before I made a PR here. But, indeed, I ran into some ❌s. My initial attempts avoided touching any localization files, but that failed. I made some changes to get some of the ❌s to go away.

I'm currently trying to work past a set of errors that look like:
https://github.com/check-spelling-sandbox/decidim/actions/runs/7870652454/job/21472447400#step:8:279
... initially I've dropped check-spelling-sandbox@6d21b33 in case it's some fancy interaction with things.

At this point, I'm probably more interested in a path forward -- for commit series of this size, projects tend to have opinions about how they'd want to ingest/review them. I'm available on matrix if that's a preferable path for discussion. I could also open an issue w/o opening a PR if that's preferred. As this project appears to be divided by top level directory, I wouldn't be surprised if people wanted one PR per top level directory. But I won't make any issues/PRs for that work until I get some input (or at least less ❌s).