ci: restrict GITHUB_TOKEN permissions

Signed-off-by: Rifa Achrinza <[email protected]>

Author: achrinza

.github/workflows/continuous-integration.yaml

@@ -12,6 +12,8 @@ on:
   schedule:
     - cron: '0 2 * * 1' # At 02:00 on Monday
 
+permissions: {}
+
 jobs:
   test:
     name: Test
@@ -90,6 +92,9 @@ jobs:
   codeql:
     name: CodeQL
     runs-on: ubuntu-latest
+    permissions:
+      # See: https://github.com/github/codeql-action/blob/008b2cc71c4cf3401f45919d8eede44a65b4a322/README.md#usage
+      security-events: write
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2