fix: define top level permissions and fix token scope (#4543)

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

.github/workflows/codeql.yml

@@ -6,6 +6,12 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+  packages: read
+  actions: read
+  security-events: read
+
 jobs:
   analyze:
     name: Analyze project
@@ -13,14 +19,6 @@ jobs:
     permissions:
       # required for all workflows
       security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
-
     strategy:
       fail-fast: false
     steps:

.github/workflows/e2e.yml

@@ -6,9 +6,9 @@ on:
 
 permissions:
   contents: read
-  issues: write
-  pull-requests: write
-  checks: write
+  issues: read
+  pull-requests: read
+  checks: read
   statuses: read
 name: e2e tests
 
@@ -85,6 +85,7 @@ jobs:
       id-token: write
       checks: write
       contents: read
+      pull-requests: write
     if: github.event_name == 'repository_dispatch'
     steps: