Conversation

@Copilot Copilot AI commented Jul 9, 2025

The CodeQL Analysis workflow was missing the required security-events: write permission needed for uploading security scanning results to GitHub's code scanning dashboard.

Changes Made

  • Added permissions: section with security-events: write to the CodeQL-Build job in .github/workflows/codeql-analysis.yml
  • Permission is correctly placed at the job level (not root level) following security best practices
  • Aligns with the existing pattern used in the OSSF Scorecard workflow

Why This Change Was Needed

Jobs that use github/codeql-action/analyze require the security-events: write permission to successfully upload analysis results. Without this permission, the CodeQL action may fail to publish security findings to the repository's security dashboard.

Validation

  • ✅ YAML syntax validated
  • ✅ Follows existing repository patterns
  • ✅ Permission scoped to specific job (principle of least privilege)
  • ✅ Only modified the workflow that uses github/codeql-action/analyze

Fixes #14.
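The job-level `permissions:` block the description refers to, shown in context as an added illustration (this is not the PR's own diff, which is not reproduced on this page; the trigger branches, runner, action versions and analysed language are assumptions):

```yaml
name: CodeQL Analysis

on:
  push:
    branches: [main]          # assumed trigger; not stated on this page
  pull_request:
    branches: [main]

jobs:
  CodeQL-Build:
    runs-on: ubuntu-latest
    # Scoped to this job only, so other jobs in the same workflow keep the
    # repository's default token permissions (least privilege).
    # Caveat: once any permissions block is declared, every scope that is
    # not listed is set to none. contents: read therefore has to be stated
    # explicitly here, or the checkout step below loses access to the repo.
    permissions:
      contents: read
      security-events: write   # required by github/codeql-action/analyze to upload SARIF results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: java      # assumed language; the page does not say which one the repo scans
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
```

Before the change the job had no `permissions:` block at all, so the upload in the `analyze` step depended on whatever the repository's default `GITHUB_TOKEN` permissions happened to be; with a read-only default the step fails to publish findings. Declaring the scope on the job rather than at the workflow root keeps the write grant from leaking into any other job that does not need it.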

@Copilot Copilot AI changed the title from "[WIP] Ensure correct CodeQL workflow permissions" to "Add security-events: write permission to CodeQL workflow job" Jul 9, 2025
@Copilot Copilot AI requested a review from trask July 9, 2025 23:55
Copilot finished work on behalf of trask July 9, 2025 23:55
Development

Successfully merging this pull request may close these issues.

Ensure correct CodeQL workflow permissions