Set top-level permissions to None on all workflows, setting per-job
permissions. This avoids that new jobs inherit unwanted permissions.
Discussion: https://curl.se/mail/lib-2022-11/0028.html
Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Closes#9928
Avoid letting outdated CI runs continue if a PR receives
new changes. Outside a PR we let them continue running
by tying the concurrency to the commit hash instead.
Also only let one CodeQL or Hacktoberfest job run at a time.
Other CI platforms we use have this build in, but GitHub
unfortunately neither by default nor with a simple option.
This saves CI resources and therefore a little energy.
Approved-by: Daniel Stenberg
Approved-by: Max Dymond
Closes#9533
Diogo Teles Sant'Anna
Philip H
Marc Hoersken
Daniel Stenberg