Permissions can be set in a more convienent way.

[tristansokol]

Describe

Hi! I initially abandoned setting this up after running into the Resource not accessible by integration issue, as the suggested pull_request_target seemed not very good. However, working with another action showed me that you can set permissions with something like

    permissions:
      # Required to checkout the code
      contents: write
      checks: write
      # Required to put a comment into the pull-request
      pull-requests: write

I think this is a preferred option (at least for uses cases where the PRs are all from internal branches.) compared to what is currently shown as an option to fix this issue.

Additional context

Additionally the check seemed to work just fine with contents: read & pull-requests: write aside from the failing API calls (tests were ran, coverage comment was made) and these permissions line up with other similar actions (https://github.com/marketplace/actions/vitest-coverage-report) Is there a reason why this action requires additional permissions? Maybe we could document them in the same spot.

Thanks!