Document fine grained access token permissions #63

@oscarbenjamin

Hi and thanks for this useful action. I just got it working and it does exactly what I wanted.

I did have a slight stumbling block though which is that I initially tried to use GitHub's new "fine grained" access token feature which allows limiting the access of the secret to a single repo:
https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/

With the fine grained token it seems that "workflow" scope is not enough and the workflow failed to push to a branch in the repo:

```
Create New Branch (refs/heads/main -> gh-actions-update-1677328662)
Commit Changes

  [gh-actions-update-1677328662 ff18142] Update GitHub Action Versions
   4 files changed, 11 insertions(+), 11 deletions(-)

  Error: remote: Permission to oscarbenjamin/protosym.git denied to oscarbenjamin.
  fatal: unable to access 'https://github.com/oscarbenjamin/protosym/': The requested URL returned error: 403
```

https://github.com/oscarbenjamin/protosym/actions/runs/4270016606/jobs/7433570757

I was able to fix this by using a "classic" token with workflow scope. I would prefer to use a fine grained token but it is not clear what permissions I would need to give to that token when looking through the list of options.

There does not seem to be any mention of this in the README so I was wondering if you know what the scope for a fine grained token should be.

Labels: documentation (Improvements or additions to documentation)
