[Lint] Add bat version and lint CI permission

[titaiwangms]

1. Add bat version linter for Windows user
2. Add permission setting for third-party actions in lint.yaml to limit their access
3. Did some research and discussed with @justinchuby, CodeQL only hints on the modified file in a PR, and the error/warning/note are all informative, and aligned with pylint/mypy which are included in out lint, so I suggest we can have it for a while, and see how it goes. (However, disable one or few rules that we don't need in CodeQL seems doable in the next release: How to disable particular rule by its ID from GitHub workflow? github/codeql#7937)

fixes #127

[titaiwangms]

I referenced from Pytorch/TensorRT setting, which is also using third-party actions.

[justinchuby]

I think only lint-python will need to set permissions because others don't use 3p actions.

[justinchuby]

Suggested change

	permissions:
	actions: write
	checks: write
	contents: write
	deployments: none
	id-token: write
	issues: write
	discussions: write
	packages: write
	pull-requests: write
	repository-projects: none
	security-events: none
	statuses: write

[titaiwangms]

Do we need to change those not using third-party as well?

[justinchuby]

these jobs are fine. as long as they are not 3p github actions

[titaiwangms]

Then this one if good to go?

[justinchuby]

I would just remove the whole permissions section for these two jobs

[titaiwangms]

That won't work. It seems if you have one with specify permissions, you will have to define others as well, based on my trial.

[justinchuby]

hmm that's good to know. kinda surprising that it works this way though

[titaiwangms]

Nah, I just checked my commit. I think I haven't tried that. Let me give it a try.

[justinchuby]

none fields can be removed because "If you specify the access for any of these scopes, all of those that are not specified are set to none." https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[titaiwangms]

I think one of the benefits of leaving it there is that the next person, who needs to change the permission, can see what options he/she has on this (No need to investigate again). Besides, we are not adding more lines on this. What do you think?

[justinchuby]

sounds good to me

[titaiwangms]

cc @gramalingam for batch files review.

[gramalingam]

LGTM, thanks!