ci(cd): update workflow permissions

Author: rhahao

.github/workflows/code-ql.yml

@@ -8,16 +8,14 @@ on:
   schedule:
     - cron: '0 12 * * 4'
 
-permissions: read-all
+permissions:
+  contents: read
+  security-events: write
 
 jobs:
   codeql:
     name: Code QL
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
 
     steps:
       - name: Checkout repository for code analysis

.github/workflows/njsscan.yml

@@ -8,16 +8,14 @@ on:
   schedule:
     - cron: '0 12 * * 4'
 
-permissions: read-all
+permissions:
+  contents: read
+  security-events: write
 
 jobs:
   nodejsscan:
     name: NodeJS Scan
     runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-      actions: read
-      contents: read
 
     steps:
       - name: Checkout the code

.github/workflows/scorecards.yml

@@ -7,19 +7,15 @@ on:
   push:
     branches: [main]
 
-permissions: read-all
+permissions:
+  id-token: write
+  contents: read
+  security-events: write
 
 jobs:
   scorecards:
     name: Scorecards Analysis
     runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge. (Upcoming feature)
-      id-token: write
-      actions: read
-      contents: read
 
     steps:
       - name: 'Checkout code'