Merge pull request #5059 from aditya7302/ci-image-scanning-token-perm…

…ission

Define top level Permission for ci-image-scanning workflow

.github/workflows/ci-image-scanning.yaml

@@ -5,6 +5,11 @@ on:
     # for PRs initiated by Dependabot.
     branches-ignore:
       - 'dependabot/**'
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
 jobs:
   use-trivy-to-scan-image:
     name: image-scanning