Add explicit permissions and remove decorator comments from workflows

[Copilot]

Aligns GitHub Actions workflows with security best practices by implementing explicit least-privilege permissions and cleaning up non-standard formatting.

Changes

Permissions added to all workflows (9 files):

• Caller workflows: contents: read for testing/quality, contents: write + pull-requests: write for readme regeneration, full triage permissions for issue workflows
• Reusable workflows: matching permissions scoped to their operations

Removed separator comments: Cleaned #---- decorative separators from job definitions

Step outputs: Verified existing implementation already follows best practices (GITHUB_OUTPUT for cross-job, GITHUB_ENV for intra-job state)

Example

# Before
on:
  pull_request:

jobs:
  code-quality: #-----------------------------------------------------------------------
    uses: wp-cli/.github/.github/workflows/reusable-code-quality.yml@main

# After
on:
  pull_request:

permissions:
  contents: read

jobs:
  code-quality:
    uses: wp-cli/.github/.github/workflows/reusable-code-quality.yml@main

Modified: code-quality.yml, testing.yml, regenerate-readme.yml, issue-triage.yml, welcome-new-contributors.yml, sync-workflows.yml, and their reusable counterparts.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Follow GitHub Actions best practices</issue_title>
<issue_description>Some pointers in #53.

• Use step outputs
• Remove those #------------------------------------ comments
• Set permissions
• Follow best practices such as https://docs.github.com/en/actions/reference/security/secure-use</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Follow GitHub Actions best practices #196

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.