ci(github-actions): least priviledge

Author: thomasleplus

.github/workflows/codeql-analysis.yml

@@ -20,6 +20,12 @@ jobs:
     # Consider using larger runners or machines with greater resources for possible analysis time improvements.
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     permissions:
+      # for github/codeql-action/init to get workflow details
+      actions: read
+      # for actions/checkout to fetch code
+      contents: read
+      # for github/codeql-action/autobuild to send a status report
+      security-events: write
     strategy:
       fail-fast: false
       matrix: