Clarify needed permissions for post-artifact action (at least in private repos)

[dylanhmorris]

As written, the example for the post-artifact action fails with a 403 when used in a private repo, as it cannot retrieve the artifact. To fix this, we need to specify actions: read and with pull-requests: write under permissions. contents: read is superfluous.

It is not immediately clear to me how easy it would be to produce a reprex in this (public) repo.

[github-actions]

Thank you for your contribution @dylanhmorris 🚀! Your readme-macos-latest is ready for download 👉 here 👈!
_{(The artifact expires on 2025-02-12T17:59:47Z. You can re-generate it by re-running the workflow here.)}

[github-actions]

Thank you for your contribution @dylanhmorris 🚀! Your readme-ubuntu-latest is ready for download 👉 here 👈!
_{(The artifact expires on 2025-02-12T17:59:47Z. You can re-generate it by re-running the workflow here.)}

[github-actions]

Thank you for your contribution @dylanhmorris 🚀! Your readme-windows-latest is ready for download 👉 here 👈!
_{(The artifact expires on 2025-02-12T17:59:47Z. You can re-generate it by re-running the workflow here.)}

[github-actions]

Thank you for your contribution @dylanhmorris 🚀! Your readme-rocker is ready for download 👉 here 👈!
_{(The artifact expires on 2025-02-12T17:59:47Z. You can re-generate it by re-running the workflow here.)}

[gvegayon]

Thanks for catching that. I think we could possibly have a private version of a repo that uses this action for testing? We can add it as an issue.