Actions should be locked down and only request desired permissions

Our Actions currently need

- access to the content
- write access for issues (they create issues if container image does not align with CIS benchmark according to dockle)
- secret access (read)
- secret access write (used only by those actions that create passwords in azure after infra deployment)