Fix: permissions: {} blocks reusable workflow calls

[metascroy]

viable-strict-gate.yml and mlx.yml had permissions: {} but call _ci-run-decision.yml, which needs contents: read for actions/checkout. GitHub intersects caller permissions with callee needs ({} ∩ {contents: read} = {}), so both workflows were rejected at registration since #19919 landed. The gate hasn't run (so update-viablestrict has had no signal), and mlx.yml hasn't triggered (MLX / * checks show [does not exist] on HUD). Loosen both to permissions: contents: read. Audited all other callers of _ci-run-decision.yml / _get-changed-files.yml; none affected.

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/19923

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

⏳ No Failures, 161 Pending

As of commit f59870b with merge base 410f930 ():
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.