Azure Web Apps Deploy action doesn't ask for content read permission

[lucasbfr]

Hi,

when setting up a brand new .net 8 deployment straight from the Azure portal, I encountered the following error at the "Checkout GitHub Action" step:

Fetching the repository
  "C:\Program Files\Git\bin\git.exe" -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +[REDACTED]:refs/remotes/origin/main
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/lucasbfr/[REDACTED]' not found
  The process 'C:\Program Files\Git\bin\git.exe' failed with exit code 128

This is caused by a missing permission. The ones created by Azure are
permissions: id-token: write #This is required for requesting the JWT

However,
contents: read #attempt to read the private repo
is required to be able to read a (I guess non public) repository.

The previous version of this script worked, probably because it was not setting any permission and contents: read is the default overridden by the new version.

[lucasbfr]

Also created at actions/starter-workflows#2467 (which is probably a better place?). You can probably close this if that's the case