I'm not sure if your script has a problem. I think you need this to be two separate batches, so a GO might be needed between these commands.
However, there's no way to grant read only access to future logins/users. That would have to be done for every new database.