ci: restrict token permissions and add badges to README.md

Change-Id: I057fab1370f4f3941bf3fe1de9c6d99198e3bd71
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e7188d2..20f7cb4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,9 +1,16 @@
 name: CI
 on:
   push:
-  pull_request:
+    paths-ignore:
+      - 'docs/**'
+      - '*.md'
+      - '.mailmap'
+      - '.travis.yml'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   linux:
     name: ${{ matrix.compiler }} on ${{ matrix.os }}