add missing top-level token permissions to workflows

Signed-off-by: Timothy Lee <[email protected]>

Author: timothyklee

.github/workflows/codeql-analysis.yml

@@ -20,13 +20,15 @@ on:
   schedule:
     - cron: '17 19 * * 5'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
       actions: read
-      contents: read
       security-events: write
 
     strategy:

.github/workflows/docker-image.yml

@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
 
   build: