Add necessary permissions for code freeze workflows (#36399)

* Add necessary permissions for code freeze workflows

* Checkout pnpm-lock.yaml to prevent issues

.github/workflows/release-changelog.yml

@@ -21,8 +21,8 @@ jobs:
     create-changelog-prs:
         runs-on: ubuntu-20.04
         permissions:
-          contents: read
-          pull-requests: write
+            contents: write
+            pull-requests: write
         steps:
             - name: Checkout code
               uses: actions/checkout@v3
@@ -46,6 +46,9 @@ jobs:
             - name: 'Generate the changelog file'
               run: pnpm --filter=woocommerce run changelog write --add-pr-num -n -vvv --use-version ${{ inputs.releaseVersion }}
 
+            - name: Checkout pnpm-lock.yaml to prevent issues
+              run: git checkout pnpm-lock.yaml
+
             - name: 'git rm deleted files'
               run: git rm $(git ls-files --deleted)
 

.github/workflows/release-code-freeze.yml

@@ -60,7 +60,8 @@ jobs:
         name: 'Maybe create next milestone and release branch'
         runs-on: ubuntu-20.04
         permissions:
-          contents: read
+            contents: write
+            issues: write
         needs: verify-code-freeze
         if: needs.verify-code-freeze.outputs.freeze == 0
         outputs:
@@ -89,8 +90,8 @@ jobs:
         name: Preps trunk for next development cycle
         runs-on: ubuntu-20.04
         permissions:
-          contents: read
-          pull-requests: write
+            contents: write
+            pull-requests: write
         needs: maybe-create-next-milestone-and-release-branch
         steps:
             - name: Checkout code
@@ -159,7 +160,7 @@ jobs:
         name: 'Trigger changelog action'
         runs-on: ubuntu-20.04
         permissions:
-          actions: write
+            actions: write
         needs: maybe-create-next-milestone-and-release-branch
         steps:
             - name: 'Trigger changelog action'