Added top level read only to codeql.yml

Author: Scott Straughan

.github/workflows/codeql.yml

@@ -8,22 +8,19 @@ on:
   schedule:
     - cron: '31 11 * * 2'
 
+permissions: read-all
+
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
     runs-on: 'ubuntu-latest'
     timeout-minutes: 360
     permissions:
-      # required for all workflows
+      contents: read
       security-events: write
-
-      # required to fetch internal or private CodeQL packs
+      pull-requests: read
       packages: read
 
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
-
     strategy:
       fail-fast: false
       matrix: