ci: add explicit permissions to GitHub Actions workflows

[sai-ray]

Description of changes

This PR adds explicit permissions blocks to GitHub Actions workflows to comply with the upcoming security change on February 2nd, 2026, when the default GitHub token permission will change from "Read and Write" to "Read repository contents and packages permissions."

Changes:

1. closed-issue-message.yml

permissions:
  issues: write

• Needed to post a comment on closed issues via the aws-actions/closed-issue-message action.

Without explicit permissions, this workflow will break when the repo default changes to read-only. This follows the principle of least privilege by only granting the permissions the workflow actually needs.

Codegen Paramaters Changed or Added

Issue #, if available

Description of how you validated changes

Checklist

• PR description included
• yarn test passes
• E2E test run linked
• Tests are changed or added
• Relevant documentation is changed or added (and PR referenced)
• Breaking changes to existing customers are released behind a feature flag or major version update
• Changes are tested using sample applications for all relevant platforms (iOS/android/flutter/Javascript) that use the feature added/modified
• Changes are tested on windows. Some Node functions (such as path) behave differently on windows.
• Changes adhere to the GraphQL Spec and supports the GraphQL types type, input, enum, interface, union and scalar types.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.