fix: add missing permissions for GitHub Actions PR comments

- Add pull-requests: write and issues: write permissions to comment-on-pr job
- Add missing migration_changes output to validate-migrations job
- Fixes 'Resource not accessible by integration' error when commenting on PRs

This resolves the 403 error when the migration validation workflow tries to
comment on pull requests with validation results.

.github/workflows/migration-check.yml

@@ -223,13 +223,13 @@ jobs:
     needs: validate-migrations
     if: github.event_name == 'pull_request' && always()
     permissions:
-      issues: write
+      contents: read
       pull-requests: write
+      issues: write
     steps:
       - name: Comment migration status on PR
         uses: actions/github-script@v7
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             const success = '${{ needs.validate-migrations.result }}' === 'success';
             const migrationChanges = '${{ needs.validate-migrations.outputs.migration_changes }}' === 'true';