Add permissions to codeql-analysis.

Clear ossf-security alert about missing permission restriction.

Author: rouilj

.github/workflows/codeql-analysis.yml

@@ -25,6 +25,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze