Merge pull request #71 from CycloneDX/chore/gh-workflow-permissions

chore: GH workflow permissions

Author: jkowalleck

.github/workflows/codeql-analysis.yml

@@ -10,6 +10,11 @@ on:
   schedule:
     - cron: '0 9 * * 5'
 
+# see https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze

.github/workflows/maven.yml

@@ -2,6 +2,9 @@ name: Maven CI
 
 on: [push, pull_request]
 
+# see https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
+permissions: {}
+
 jobs:
   build: