
Specify default, minimum permissions for "Issue Trigger" workflow #8670

Open

t-will-gillis wants to merge 1 commit into hackforla:gh-pages from t-will-gillis:rvw-permissions-issue-trigger-8336

Conversation

@t-will-gillis (Member) commented May 31, 2026

Fixes #8336

What changes did you make?

  • Added default, workflow-level permissions to issue-trigger.yml

Why did you make the changes (we will use this info to test)?

  • We want to limit the default GITHUB_TOKEN permissions to the minimum required access for this workflow, following GitHub Actions security best practices.

CodeQL Alerts

After the PR has been submitted and the resulting GitHub actions/checks have been completed, developers should check the PR for CodeQL alert annotations.

Check the PR's comments. If present on your PR, the CodeQL alert looks similar to the one shown below.

[Screenshot 2024-10-28 154514: example of a CodeQL alert annotation on a PR]

Please let us know that you have checked for CodeQL alerts. Please do not dismiss alerts.

  • I have checked this PR for CodeQL alerts and none were found.
  • I found CodeQL alert(s), and (select one):
    • I have resolved the CodeQL alert(s) as noted
    • I believe the CodeQL alert(s) is a false positive (Merge Team will evaluate)
    • I have followed the Instructions below, but I am still stuck (Merge Team will evaluate)

Instructions for resolving CodeQL alerts

If CodeQL alerts/annotations appear, refer to "How to Resolve CodeQL alerts".

In general, CodeQL alerts should be resolved prior to PR reviews and merging.

Test logs

If you want to review this

  • See "Resources/Instructions" on Review Permissions for the "Issue Trigger" workflow #8336 to set up your environment
  • Additionally, on github-actions/trigger-issue/add-preliminary-comment/preliminary-update-comment.js, change line 69 to const isAdminOrMerge = true;
  • Whenever github-actions/utils/query-issue-info.js or github-actions/utils/mutate-issue-status.js runs, there will be an error. This can be addressed, but is probably more work than you need to do to review this. If you want to fix this, let me know and I can show you. Otherwise, ok to ignore it.
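As an added illustration of what a workflow-level `permissions` block does (this is example YAML written for this page, not the PR's own diff, and the scopes granted are assumptions since the page does not show which ones issue-trigger.yml actually needs): before the change, a workflow with no `permissions` key inherits the repository's default GITHUB_TOKEN permissions, which can be read-write on every scope; after the change, the token is restricted to the listed scopes and every scope not listed is set to `none`.

```yaml
# Added example, not the PR's own change. Two versions of a minimal
# issue-triggered workflow; the second shows the hardened form.

# --- Before: no permissions key. The job's GITHUB_TOKEN gets whatever the
# repository's "Workflow permissions" setting grants, possibly write access
# to contents, pull requests, packages, and more.
name: Issue Trigger (weak)
on:
  issues:
    types: [opened, edited, labeled]
jobs:
  handle-issue:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "runs with the repository default token permissions"

---
# --- After: workflow-level default. Once a permissions key exists, every
# scope not named here is denied (none), regardless of the repository default.
# The two scopes below are assumptions for an issue-commenting workflow:
#   issues: write   - needed to add comments/labels or change issue state
#   contents: read  - needed by actions/checkout to read the repository
name: Issue Trigger (least privilege)
on:
  issues:
    types: [opened, edited, labeled]
permissions:
  issues: write
  contents: read
jobs:
  handle-issue:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "token can only read contents and write issues"
  read-only-job:
    runs-on: ubuntu-latest
    # A job-level block overrides the workflow default for this job only.
    # An empty map drops every scope, which suits jobs that never call the API.
    permissions: {}
    steps:
      - run: echo "token has no API permissions in this job"
```

A quick way to confirm the effect when reviewing: the "Set up job" section of each run's log lists the GITHUB_TOKEN permissions actually granted, so a reviewer can check that only the expected scopes appear for the workflow run triggered by a test issue.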

@github-actions github-actions Bot added role: back end/devOps Tasks for back-end developers Complexity: Large Feature: Refactor GHA Refactoring GitHub actions to fit latest architectural norms size: 5pt Can be done in 19-30 hours Lang: GHA GitHub Actions labels May 31, 2026


Projects

Status: PR Needs review
