chore: add explicit permissions to release-please workflow #33

Merged
kinyoklion merged 1 commit into v4 from devin/1774468967-add-release-please-permissions
Mar 25, 2026

@kinyoklion kinyoklion commented Mar 25, 2026

Requirements

  • I have added test coverage for new or changed functionality
  • I have followed the repository's pull request submission guidelines
  • I have validated my changes against all supported platform versions

No test changes needed — this is a CI workflow permissions fix only.

Related issues

N/A — identified during an audit of all non-archived launchdarkly-sdk-tagged repositories for missing release-please workflow permissions.

Describe the solution you've provided

Adds explicit contents: write and pull-requests: write permissions to the release-please job. Without these, the job relies on the default GITHUB_TOKEN permissions, which may be insufficient if the org or repo defaults are set to read-only.

Release-please requires:

  • contents: write — to create GitHub releases and push tags
  • pull-requests: write — to create and update release PRs

Describe alternatives you've considered

Setting permissions at the workflow level (top-level permissions: key) was considered, but job-level scoping follows the principle of least privilege and avoids granting unnecessary access to any future jobs added to this workflow.

Additional context

This is part of a batch update across all launchdarkly-sdk-tagged repos whose release-please workflows were missing explicit permissions on their default branch.

Human review checklist

  • Confirm these two permissions are sufficient for release-please in this repo (some repos may also need id-token: write for OIDC)
  • Verify the permissions are on the release-please job, not a downstream job

Link to Devin session: https://app.devin.ai/sessions/a83b6e4f4fa14b96b859cfb50755a2c1
Requested by: @kinyoklion


Note

Low Risk
Low risk: CI-only change that scopes GITHUB_TOKEN permissions for the release-please job to allow tag/release and release PR creation.

Overview
Updates the release-please GitHub Actions workflow to explicitly grant the release-please job contents: write and pull-requests: write permissions, instead of relying on repository default token permissions.

This ensures the action can create/update release PRs and publish tags/releases on the v4 branch even when org/repo defaults are read-only.

Written by Cursor Bugbot for commit 447c29b.
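
As an added illustration of the job-level scoping described above (not the repository's actual workflow file): the workflow name, the `googleapis/release-please-action@v4` reference and the `notify` job are assumptions made for this example.

```yaml
# Constructed example; not the workflow file changed in this PR.
name: release-please            # assumed workflow name

on:
  push:
    branches:
      - v4                      # release branch named in this PR

jobs:
  release-please:
    runs-on: ubuntu-latest
    # Before the change this job had no permissions block, so its
    # GITHUB_TOKEN took whatever the org or repo default was
    # (possibly read-only, in which case tags and release PRs fail).
    #
    # With a job-level block, every scope not listed here is set to
    # none for this job's token.
    permissions:
      contents: write           # create GitHub releases and push tags
      pull-requests: write      # create and update release PRs
      # id-token: write         # only if the repo needs OIDC (review checklist)
    steps:
      - uses: googleapis/release-please-action@v4   # assumed action reference

  # Hypothetical job added later. The write scopes above do not carry
  # over to it; it declares only what it needs. Had the grant been made
  # with a top-level permissions: key instead, this job would have
  # inherited contents: write and pull-requests: write as well.
  notify:
    needs: release-please
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - run: echo "release-please job finished"
```

A job that omits `permissions:` entirely falls back to the workflow-level block if one exists, otherwise to the org or repo default, which is why each job in a release workflow should state its own scopes.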

@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

@kinyoklion kinyoklion marked this pull request as ready for review March 25, 2026 20:19
@kinyoklion kinyoklion requested a review from a team as a code owner March 25, 2026 20:19
@kinyoklion kinyoklion merged commit ab79cc1 into v4 Mar 25, 2026
11 of 12 checks passed
@kinyoklion kinyoklion deleted the devin/1774468967-add-release-please-permissions branch March 25, 2026 20:34