fix(ci): Grant statuses: write to changelog-preview caller

[antonis]

📢 Type of change

• Bugfix
• New feature
• Enhancement
• Refactoring

📜 Description

Adds statuses: write to the caller's permissions: block in .github/workflows/changelog-preview.yml.

💡 Motivation and Context

After #6056 landed, every PR is failing workflow validation:

Invalid workflow file: .github/workflows/changelog-preview.yml#L16
The workflow is not valid. Error calling workflow 'getsentry/craft/.github/workflows/changelog-preview.yml@3dc647fee3586e57c7c31eb900fdec7cbb44f23f'. The nested job 'preview' is requesting 'statuses: write', but is only allowed 'statuses: none'.

Example: https://github.com/getsentry/sentry-react-native/actions/runs/25053863171

The upstream reusable workflow's preview job declares permissions.statuses: write unconditionally (its inline comment "# For status check mode" is misleading — the permission is requested even in comment mode). Reusable workflows can only request permissions ≤ caller's, so the caller has to grant it. This matches the pattern already in sentry-cocoa, sentry-dotnet, and sentry-go.

Note: I dropped this permission in #6056 reasoning that we use comment mode and don't need it. That was wrong — the validation happens at job-permissions level regardless of which input we pass.

💚 How did you test it?

Workflow file only — verified against the upstream permissions: block at the pinned SHA. Final validation will come from the next PR opened against main after this lands.

📝 Checklist

• I added tests to verify changes
• No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
• I updated the docs if needed.
• I updated the wizard if needed.
• All tests passing
• No breaking changes

🔮 Next steps

[github-actions]

	Fails
🚫	Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request

Generated by 🚫 dangerJS against b498929