set the permissions required for the job in ci-image-scanning.yaml

Signed-off-by: zhzhuang-zju <[email protected]>

Author: zhzhuang-zju

.github/workflows/ci-image-scanning.yaml

@@ -5,13 +5,12 @@ on:
     # for PRs initiated by Dependabot.
     branches-ignore:
       - 'dependabot/**'
-
 permissions:
-  contents: read # for actions/checkout to fetch code
-  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-  
+  contents: read
 jobs:
   use-trivy-to-scan-image:
+    permissions:
+      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
     name: image-scanning
     if: ${{ github.repository == 'karmada-io/karmada' }}
     runs-on: ubuntu-22.04