Upgrade zizmor to the latest version in CI (#15649)

.github/workflows/build-binaries.yml

@@ -23,6 +23,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 env:
   PACKAGE_NAME: ruff
   MODULE_NAME: ruff

.github/workflows/ci.yaml

@@ -1,5 +1,7 @@
 name: CI
 
+permissions: {}
+
 on:
   push:
     branches: [main]

.github/zizmor.yml

@@ -10,3 +10,10 @@ rules:
     ignore:
       - build-docker.yml
       - publish-playground.yml
+  excessive-permissions:
+    # it's hard to test what the impact of removing these ignores would be
+    # without actually running the release workflow...
+    ignore:
+      - build-docker.yml
+      - publish-playground.yml
+      - publish-docs.yml

.pre-commit-config.yaml

@@ -91,7 +91,7 @@ repos:
   # zizmor detects security vulnerabilities in GitHub Actions workflows.
   # Additional configuration for the tool is found in `.github/zizmor.yml`
   - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.1.1
+    rev: v1.2.2
     hooks:
       - id: zizmor