ci(workflows): improve security and update actions

- set top-level explicit permissions for each GitHub Actions workflow for improved security and deduplication of permissions.
- add `persist-credentials: false` to actions/checkout for improved security - see https://github.com/actions/checkout#checkout-v4
- update actions/checkout from v4 to v5

.github/workflows/generate-changelog.yml

@@ -16,6 +16,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Generate changelog