Update Qodana workflow permissions (#4809)

Author: rli

.github/workflows/qodana.yml renamed to .github/workflows/qodana-check.yml

@@ -15,7 +15,12 @@ jobs:
   qodana:
     runs-on: ubuntu-latest
     permissions:
+      # PR check
       checks: write
+      # PR comments
+      pull-requests: write
+      # SARIF upload
+      security-events: write
     steps:
       - uses: actions/checkout@v4
         with:
@@ -28,7 +33,7 @@ jobs:
           tool-cache: false
           large-packages: false
       - name: 'Qodana Scan'
-        uses: JetBrains/[email protected].8
+        uses: JetBrains/[email protected].9
         env:
           QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
         with: