Only grant necessary permissions

.github/workflows/image_metadata.yml

@@ -7,18 +7,16 @@ on:
   pull_request:
     paths: [ '**.webp', '**.png', '**.jpg', '**.jpeg' ]
   
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Image Metadata
     runs-on: ubuntu-latest
-    
-    permissions:
-      contents: read
-      pull-requests: write
-
     env:
-      HEAD_SHA: ${{ github.event_name == 'push' && github.event.after  || github.event.pull_request.head.sha }}
       BASE_SHA: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }}
+      HEAD_SHA: ${{ github.event_name == 'push' && github.event.after  || github.event.pull_request.head.sha }}
 
     steps:
       - name: exiftool installation
@@ -45,7 +43,7 @@ jobs:
             # check Copyright tag, fail if missing or wrong type
             copyright="$(exiftool -p '$Copyright' "$file")"
             case $copyright in
-              GNU GPL v2+|CC BY-SA 4.0|CC0)
+              'GNU GPL v2+'|'CC BY-SA 4.0'|CC0)
                 printf 'Copyright tag in %s is %s\n' "$file" "$copyright"
                 ;;
               '')