fix(ci): grant id-token: write to test-local job

test-warehouse.yml declares id-token: write at the job level (added in
#997 for the athena AWS-OIDC step). Reusable-workflow permissions are
bounded by the calling job, so test-local needs the same grant even
though no local matrix entry actually triggers the OIDC step.

Without this, GitHub rejects the workflow with:

  Error calling workflow '.../test-warehouse.yml@...'.
  The nested job 'test' is requesting 'id-token: write',
  but is only allowed 'id-token: none'.

Made-with: Cursor

Author: GuyEshdat

.github/workflows/test-all-warehouses.yml

@@ -46,6 +46,7 @@ jobs:
     if: github.event_name != 'pull_request_target'
     permissions:
       contents: read
+      id-token: write
     strategy:
       fail-fast: false
       matrix: