Bump checkout to v3 and mention needed permissions

[JeffFessler]

My cleanup job kept failing and it took me a while to realize it was a repo permissions issue.
Hopefully having a brief note here will help others (and my future self).

[fredrikekre]

I believe it should be possible to set the permissions only for this job, see e.g. https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs#assigning-permissions-to-a-specific-job

[mortenpi]

Yes, I think this should be sufficient?

permissions:
  contents: write

[JeffFessler]

Ok, I updated the PR to list both options.
I have several of github actions that use GITHUB_TOKEN, like TagBot and CompatHelper and of course Documenter, so to me it seems easier just to give them all the write permissions using the repo settings. But I agree it is also worth explaining how to do it in the way that applies only to this job. If you prefer to emphasize the job-specific way, then we probably should update the example yaml file to include the permissions in it explicitly so that users can easily copy/paste that example and have it work.

[mortenpi]

If you prefer to emphasize the job-specific way, then we probably should update the example yaml file to include the permissions in it explicitly so that users can easily copy/paste that example and have it work.

Actually, if you don't mind, that would be good. In my opinion, in general, you want the additional permissions to be as close to where you are using them. So I think we should suggest permissions: by default, but can also mention the repo-wide settings as an alternative.

[JeffFessler]

Done. Feel free to reformat further if you really like those long lines. The problem with long lines (IMHO) is that they lead to big diffs in the repo when anyone changes one small part of a long line. See the current file diff where I changed "taken from" to "based on" - that tiny change causes a big diff. But it's up to you :)

[mortenpi]

LGTM, thanks!