ci: add permission to build-base workflow

Author: skunxicat

.github/workflows/build-base.yml

@@ -16,7 +16,9 @@ on:
       - 'task/handler.sh'
 
 permissions:
-  contents: read
+  contents: write
+  issues: write
+  pull-requests: write
   packages: write
 
 concurrency:
@@ -37,16 +39,18 @@ jobs:
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          password: ${{ secrets.GHCR_PAT }}
 
       - name: Build and push base
         run: |
+          echo "${{ secrets.GHCR_PAT }}" > github_token
           docker buildx build \
             --platform linux/arm64 \
             --provenance=false \
+            --secret id=github_token,src=github_token \
             --target base \
             --tag ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime:base \
             --push \
             .
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GHCR_PAT }}