fix: Add required permissions for security workflow SARIF upload

The security job was failing with "Resource not accessible by integration"
because it lacked the necessary permissions to upload SARIF results to
GitHub's Security tab.

Changes:
- Add security-events: write permission to security job
- Add contents: read permission (required for checkout action)

This allows the github/codeql-action/upload-sarif@v3 action to successfully
upload Trivy scan results to the GitHub Security dashboard.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: codebydivine

.github/workflows/ci.yml

@@ -97,6 +97,9 @@ jobs:
 
   security:
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      contents: read
     steps:
     - uses: actions/checkout@v4