Updates the permissions block to be minimal

aeisenberg · aeisenberg · commit 947357692e9f · 2021-08-09T11:40:19.000-07:00
And adds a permissions block to the README.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -17,8 +17,6 @@ jobs:
       versions: ${{ steps.compare.outputs.versions }}
 
     permissions:
-      actions: read
-      contents: read
       security-events: write
 
     steps:
@@ -68,8 +66,6 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     permissions:
-      actions: read
-      contents: read
       security-events: write
 
     steps:
diff --git a/README.md b/README.md
@@ -42,6 +42,9 @@ jobs:
     # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
 
+    permissions:
+      security-events: write
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
