ci: reduce workflow permissions

Decrease security exposure by restricting what the code executing in the
actions is allowed to do (in terms of GitHub operations).

.github/workflows/update-plugin-list.yml

@@ -7,22 +7,35 @@ on:
     - cron: '0 0 * * 0'
   workflow_dispatch:
 
+# Set permissions at the job level.
+permissions: {}
+
 jobs:
   createPullRequest:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
       - name: Setup Python
         uses: actions/setup-python@v2
         with:
           python-version: 3.8
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install packaging requests tabulate[widechars]
+
       - name: Update Plugin List
         run: python scripts/update-plugin-list.py
+
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@2455e1596942c2902952003bbb574afbbe2ab2e6
         with: