Set permissions: content: write in hosting.md

[rikhuijzer]

Fix for the too permissive setting in #1819.

Thanks to @SaschaMann for noting that

This is not a good practice. Instead, only the minimal permissions that are needed to make the workflow work should be given to the token.

See julia-actions/julia-docdeploy#21 for details.

[mortenpi]

LGTM, thanks!

[fredrikekre]

Does this allow publishing PR statuses?

[SaschaMann]

No, those need either statuses or checks.

[mortenpi]

So deploydocs calls out to these APIs:

Documenter.jl/src/deployconfig.jl

Line 499 in fdaa610

push!(cmd.exec, "https://api.github.com/repos/$(owner)/$(repo)/statuses/$(sha)")

Documenter.jl/src/deployconfig.jl

Line 521 in fdaa610

push!(cmd.exec, "https://api.github.com/repos/$(repo)/pulls/$(prnr)")

Is statuses: write enough for these?

[rikhuijzer]

Is statuses: write enough for these?

Probably also pull-requests: write or what does that second API do? Someone here who can quickly try it out on one of their repositories? I'm not using this feature.