Commit 4ca5d60

Potential fix for code scanning alert no. 8: Workflow does not contain permissions (#466)
Potential fix for [https://github.com/aws-observability/aws-application-signals-test-framework/security/code-scanning/8](https://github.com/aws-observability/aws-application-signals-test-framework/security/code-scanning/8)

To fix this issue, an explicit `permissions` block should be added to the `all-codeql-checks-pass` job in `.github/workflows/codeql.yml`, with the minimal permissions necessary for its steps. The job merely checks workflow/job results and does not interact with or modify repository contents, so `contents: read` is both GitHub's recommended minimal starting point and sufficient for this case. The `permissions` block must be added at the same indentation level as `runs-on` within the `all-codeql-checks-pass` job definition (after line 109), to avoid affecting the global workflow or other jobs.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent a7caab6 commit 4ca5d60

File tree

1 file changed (+2, -0 lines changed)


.github/workflows/codeql.yml

Lines changed: 2 additions & 0 deletions
@@ -107,6 +107,8 @@ jobs:
107107

108108
all-codeql-checks-pass:
109109
runs-on: ubuntu-latest
110+
permissions:
111+
contents: read
110112
needs: [analyze]
111113
if: always()
112114
steps:
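Review bot: the job-level `permissions:` block added at lines 110-111 scopes the GITHUB_TOKEN for `all-codeql-checks-pass` only; the `analyze` job this one depends on (`needs: [analyze]`) is outside this hunk, so confirm it also carries an explicit `permissions` block or that a workflow-level default exists, otherwise the same alert class still applies to it. Since this job only reads the results of `analyze` and, per the commit message, never touches repository contents, `permissions: {}` would be the strict minimum if no step checks out code or calls the API; `contents: read` is acceptable as GitHub's recommended baseline, but the choice should be stated in a comment next to the block so the next reader knows it was deliberate.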

0 commit comments

Comments
 (0)