
fix(security): Read-all and Write-all permissions should not be used in .github/workflows/pr-quota-limit.yml #5656

Merged
RongGu merged 1 commit into fluid-cloudnative:master from JiGuoDing:fix-branch
Feb 3, 2026

@JiGuoDing
Collaborator

Ⅰ. Describe what this PR does

This PR tries to replace permissions: read-all in .github/workflows/pr-quota-limit.yml with contents: read and pull-requests: read for security reasons.

Ⅱ. Does this pull request fix one issue?

fixes #5632

Ⅲ. List the added test cases (unit test/integration test) if any, please explain if no tests are needed.

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

…in .github/workflows/pr-quota-limit.yml

Signed-off-by: JiGuoDing <485204300@qq.com>
Copilot AI review requested due to automatic review settings February 2, 2026 08:14
@gemini-code-assist
Contributor

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@sonarqubecloud

sonarqubecloud bot commented Feb 2, 2026

Contributor

Copilot AI left a comment

Pull request overview

This PR addresses a security concern by replacing the overly permissive permissions: read-all directive in the PR quota limit workflow with specific, minimal permissions following the principle of least privilege. The change grants only contents: read and pull-requests: read at the workflow level, while the job itself maintains appropriate write permissions for its operations.

Changes:

  • Replaced permissions: read-all with explicit contents: read and pull-requests: read permissions in the workflow file

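A way to check a workflow for the blanket grants discussed in this PR, as an added example that is not part of the PR or the project's code. The function name and both sample workflows are constructed for illustration; the scanner reports read-all/write-all at workflow level and at job level.

```python
import re

# Blanket scalar grants the PR removes; anything else (a scoped map) passes.
BLANKET = re.compile(r"^\s*permissions:\s*(read-all|write-all)\s*(#.*)?$")

def find_blanket_permissions(workflow_text):
    """Return (line_no, scope, value) per blanket grant; scope is
    'workflow' for a top-level key, otherwise 'job:<job id>'."""
    findings, in_jobs, job, job_indent = [], False, None, None
    for no, raw in enumerate(workflow_text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # new top-level key: track whether we are under jobs:
            in_jobs, job, job_indent = line.startswith("jobs:"), None, None
        elif in_jobs and (job_indent is None or indent == job_indent):
            job_indent, job = indent, line.strip().split(":")[0]
        match = BLANKET.match(line)
        if match:
            scope = "workflow" if indent == 0 else f"job:{job}"
            findings.append((no, scope, match.group(1)))
    return findings

# Constructed sample workflows (not the project's real file).
BEFORE = """\
on: pull_request
permissions: read-all
jobs:
  check:
    runs-on: ubuntu-latest
    permissions: write-all
    steps: [{run: echo ok}]
"""
AFTER = """\
on: pull_request
permissions:
  contents: read
  pull-requests: read
jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps: [{run: echo ok}]
"""

if __name__ == "__main__":
    print(find_blanket_permissions(BEFORE), find_blanket_permissions(AFTER))
```

The scanner is line-based and assumes conventionally indented block-style YAML; it does not evaluate whether a scoped map is itself broader than the job needs.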

@codecov

codecov bot commented Feb 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.35%. Comparing base (0745727) to head (b3e99bf).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #5656   +/-   ##
=======================================
  Coverage   59.35%   59.35%           
=======================================
  Files         444      444           
  Lines       30540    30540           
=======================================
  Hits        18128    18128           
  Misses      10910    10910           
  Partials     1502     1502           


Member

@RongGu RongGu left a comment

/lgtm
/approve

@fluid-e2e-bot

fluid-e2e-bot bot commented Feb 3, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RongGu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@RongGu RongGu merged commit ff0e62d into fluid-cloudnative:master Feb 3, 2026
25 checks passed

Development

Successfully merging this pull request may close these issues.

[BUG] Read-all and Write-all permissions should not be used in .github/workflows/pr-quota-limit.yml
