ci: restrict GITHUB_TOKEN permissions

Signed-off-by: Rifa Achrinza <[email protected]>

.github/workflows/continuous-integration.yaml

@@ -8,6 +8,8 @@ on:
     branches:
     - 5.x
 
+permissions: {}
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -64,6 +66,9 @@ jobs:
   codeql:
     name: CodeQL
     runs-on: ubuntu-latest
+    permissions:
+      # See: https://github.com/github/codeql-action/blob/008b2cc71c4cf3401f45919d8eede44a65b4a322/README.md#usage
+      security-events: write
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
@@ -75,4 +80,4 @@ jobs:
         config-file: ./.github/codeql/codeql-config.yml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v1