set top level permissions to read

dibenede · web-flow · commit ca5687039bb2 · 2022-07-21T17:05:54.000-07:00
Best practice is to set top level to read only in the event additional jobs are added to the file.

This fixes a code scanning alert.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -11,6 +11,8 @@
 #
 name: "CodeQL"
 
+permissions: read-all
+
 on:
   push:
     branches: [ "main" ]
