Fix Security Vulnerability Scan workflow permissions

[Copilot]

The Security Vulnerability Scan workflow was failing when attempting to upload Trivy SARIF results to GitHub Security with "Resource not accessible by integration" error.

Changes

Added required permissions to the security-scan job in .github/workflows/ci.yml:

security-scan:
  name: Security Vulnerability Scan
  runs-on: ubuntu-latest
  permissions:
    security-events: write  # Required for SARIF upload
    contents: read          # Required for checkout

The github/codeql-action/upload-sarif@v3 action requires explicit security-events: write permission to access CodeQL Action API endpoints and upload scan results to the Security tab.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}