Backport setting default read-only permissions. #390

	---
	name: Go Vulnerability Checker
	on: [push, pull_request]
	permissions: read-all
	jobs:
	test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- id: goversion
	run: echo "goversion=$(cat .go-version)" >> "$GITHUB_OUTPUT"
	- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version: ${{ steps.goversion.outputs.goversion }}
	- run: date
	- run: \|
	set -euo pipefail

	go install golang.org/x/vuln/cmd/govulncheck@latest

	find . -name go.mod \| xargs -I'{}' /bin/bash -c 'echo scanning $(dirname {}); govulncheck -C $(dirname {}) -show verbose ./...'

Provide feedback