Define top level Permission for ci-image-scanning workflow

Signed-off-by: aditya7302 <[email protected]>

Author: aditya7302

.github/workflows/ci-image-scanning.yaml

@@ -5,6 +5,11 @@ on:
     # for PRs initiated by Dependabot.
     branches-ignore:
       - 'dependabot/**'
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+  
 jobs:
   use-trivy-to-scan-image:
     name: image-scanning