chore: add explicit permissions to release-please workflow #58

Merged: kinyoklion merged 3 commits into main from devin/1774469108-add-release-please-permissions on Mar 25, 2026
@kinyoklion (Member) commented Mar 25, 2026

Requirements

  • I have added test coverage for new or changed functionality
  • I have followed the repository's pull request submission guidelines
  • I have validated my changes against all supported platform versions

No test changes needed — this is a CI workflow configuration change only.

Related issues

N/A — identified during an audit of all non-archived launchdarkly-sdk-tagged repositories for missing release-please workflow permissions.

Describe the solution you've provided

Adds explicit contents: write and pull-requests: write permissions to the release-please job. These are required for the release-please action to:

  • Create and update release PRs (pull-requests: write)
  • Create GitHub releases and push tags (contents: write)

Without explicit permissions, the job relies on the repository/org default GITHUB_TOKEN permissions, which may be insufficient if defaults are tightened to read-only.

Describe alternatives you've considered

Setting permissions at the workflow level (top-level permissions: key) was considered, but job-level scoping follows the principle of least privilege and avoids granting unnecessary access to the downstream publish-package job (which already has its own explicit permissions block).

Additional context

This is part of a batch update across all launchdarkly-sdk-tagged repositories whose release-please workflows were missing explicit permissions on their default branch.

Human review checklist

  • Adding an explicit job-level permissions block restricts the token to only the listed permissions (plus metadata: read), revoking any previously inherited defaults. Confirm the release-please job does not need additional permissions (e.g., id-token: write).
  • Verify the downstream publish-package job is unaffected (it has its own permissions block).

Link to Devin session: https://app.devin.ai/sessions/a83b6e4f4fa14b96b859cfb50755a2c1
Requested by: @kinyoklion


Note

Low Risk
Low risk CI change that only scopes GITHUB_TOKEN permissions for the release-please job; main risk is inadvertently missing a required permission and breaking automated release PR/tag creation.

Overview
Adds an explicit permissions block to the release-please GitHub Actions job, granting contents: write and pull-requests: write so the release-please action can create/update release PRs and publish tags/releases even when default token permissions are restricted.

Written by Cursor Bugbot for commit d6558fc. This will update automatically on new commits.
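
The job-level scoping described in this PR, shown as an added example that is not the repository's actual workflow file. The job names `release-please` and `publish-package` and the two granted scopes come from the description above; the trigger, the action version, the step contents and the contents of the `publish-package` permissions block are assumptions.

```yaml
# Constructed workflow for illustration; not the repository's own file.
name: Run Release Please
on:
  push:
    branches: [main]

# BEFORE (weak): the release-please job had no permissions key, so its
# GITHUB_TOKEN carried whatever the repository/org default granted.
#
#   jobs:
#     release-please:
#       runs-on: ubuntu-latest
#       steps:
#         - uses: googleapis/release-please-action@v4

# AFTER: job-level scoping. Any scope not listed in a job's permissions
# block (other than metadata: read) is set to none for that job.
jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write        # create GitHub releases and push tags
      pull-requests: write   # create and update release PRs
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
    steps:
      - uses: googleapis/release-please-action@v4   # version is an assumption
        id: release

  publish-package:
    needs: release-please
    if: needs.release-please.outputs.release_created == 'true'
    runs-on: ubuntu-latest
    # The PR says this job already has its own permissions block; the
    # scopes below are assumed, chosen only to show that the write scopes
    # granted to release-please do not carry over to this job.
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - run: echo "publish step goes here"   # placeholder step
```

Because there is no top-level `permissions:` key, each job's token is defined entirely by its own block, which is the property the human review checklist asks reviewers to confirm.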

@kinyoklion kinyoklion marked this pull request as ready for review March 25, 2026 20:20
@kinyoklion kinyoklion requested a review from a team as a code owner March 25, 2026 20:20
@kinyoklion kinyoklion merged commit 9cb3be1 into main Mar 25, 2026
9 checks passed
@kinyoklion kinyoklion deleted the devin/1774469108-add-release-please-permissions branch March 25, 2026 20:32