
ci: Add missing permissions to update-pull-request workflow#4031

Open: Mrtenz wants to merge 2 commits into main from mrtenz/missing-permissions

Conversation

@Mrtenz Mrtenz (Member) commented Jun 12, 2026

The update-pull-request workflow is missing the id-token: write permission needed to perform the OIDC token exchange.

Note

Low Risk
CI workflow permission scoping only; no runtime application or data-path changes.

Overview
Adds explicit GitHub Actions permissions so the update-pull-request flow can use OIDC with MetaMask/github-tools/.github/actions/get-token and run gh against PRs without relying on overly broad defaults.

In main.yml, the Dependabot update-pull-request reusable-workflow call now passes contents: read, id-token: write, and pull-requests: read into the child workflow.

In update-pull-request.yml, a workflow default of contents: read is set, is-fork-pull-request gets pull-requests: read for gh pr view, and every job that calls get-token (react-to-comment, prepare, dedupe/build/LavaMoat/examples, and commit-result) declares id-token: write (with contents: read where checkout/token exchange needs it).

Reviewed by Cursor Bugbot for commit 4b9a10d.
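The permission layout the description walks through, written out as an added illustrative example rather than the PR's own diff: the caller passes three scopes into the reusable workflow, and the child sets a read-only default and lets individual jobs opt into id-token: write. Triggers, step contents, runner labels and the get-token action ref are assumed.

```yaml
# Caller: .github/workflows/main.yml (illustrative; triggers and names assumed)
name: Main
on:
  pull_request:

# Weak default this replaces: omitting `permissions:` entirely, which gives
# every job the repository-wide default GITHUB_TOKEN scope.
permissions: {}                   # grant nothing at the workflow level

jobs:
  update-pull-request:
    # A called workflow can only downgrade, never elevate, what its caller
    # grants, so the caller passes exactly the three scopes the child needs.
    uses: ./.github/workflows/update-pull-request.yml
    permissions:
      contents: read
      id-token: write               # OIDC token exchange inside get-token
      pull-requests: read           # `gh pr view`
---
# Child: .github/workflows/update-pull-request.yml (illustrative)
name: Update pull request
on:
  workflow_call:

permissions:
  contents: read                  # workflow default; jobs opt in to more below

jobs:
  is-fork-pull-request:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read           # gh pr view reads PR metadata
    steps:
      - run: gh pr view "${{ github.event.pull_request.number }}" --json isCrossRepository
        env:
          GH_TOKEN: ${{ github.token }}

  prepare:
    needs: is-fork-pull-request
    runs-on: ubuntu-latest
    # Listing any scope in a job-level block sets every unlisted scope to
    # `none`, so contents: read must be restated next to id-token: write.
    permissions:
      contents: read                # actions/checkout
      id-token: write               # OIDC exchange
    steps:
      - uses: actions/checkout@v4
      - uses: MetaMask/github-tools/.github/actions/get-token@<pinned-ref>  # placeholder ref
```

A job that declares id-token: write without contents: read loses checkout access, which is the case the description's "with contents: read where checkout/token exchange needs it" covers.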

@Mrtenz Mrtenz requested a review from a team as a code owner June 12, 2026 12:34

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 2 potential issues.


Reviewed by Cursor Bugbot for commit 853b7c5.

Comment threads (2): .github/workflows/update-pull-request.yml
codecov Bot commented Jun 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.58%. Comparing base (c1e2412) to head (4b9a10d).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4031   +/-   ##
=======================================
  Coverage   98.58%   98.58%           
=======================================
  Files         425      425           
  Lines       12364    12364           
  Branches     1948     1948           
=======================================
  Hits        12189    12189           
  Misses        175      175           
