Restore contents:write permission for docs deploy (fix gh-pages 403)

[ChrisRackauckas-Claude]

Problem

The docs build passes, but the deploydocs push to gh-pages fails (403 / push denied to github-actions[bot]). The Documentation workflow uses the centralized reusable SciML/.github/.github/workflows/documentation.yml@v1 with secrets: "inherit" and no DOCUMENTER_KEY secret, so Documenter falls back to a token-based gh-pages push using GITHUB_TOKEN.

Root cause

The CI-centralization migration replaced the docs job with a thin caller of documentation.yml@v1 but dropped the permissions: block from the caller job. The reusable workflow declares no permissions, so the caller job's permissions (now the default, read-only contents) flow through to the GITHUB_TOKEN used inside the called workflow. A read-only token cannot push to gh-pages -> 403.

Fix

Declare permissions: { actions: write, contents: write, statuses: write } on the reusable-workflow caller job in Documentation.yml. For a uses: reusable-workflow job, the caller job's permissions are passed through to the GITHUB_TOKEN used inside the called workflow, restoring the token-based deploy mechanism. No secret is required.

This mirrors the proven fix in SciML/OrdinaryDiffEqOperatorSplitting.jl#90 exactly.

Verification

• YAML validated locally (python3 yaml.safe_load) — OK.
• The deploy itself cannot be fully verified without a CI run on master/a tag (gh-pages push only happens on the default branch / tags, not on PR builds). The fix is correct by matching the proven #90 pattern and the pre-migration permission set.

Please ignore until reviewed by @ChrisRackauckas

[ChrisRackauckas-Claude]

Superseded by SciML/.github#102, which sets permissions: contents: write in the centralized documentation.yml reusable itself — so no per-repo permissions block is needed once v1 is retagged. Closing this in favor of the central fix.