fix: add security-events permission to CI workflow for SARIF uploads

Adds security-events: write permission to the CI workflow to allow the
Security Scan job to upload Trivy SARIF results to GitHub Code Scanning.
This resolves the "Resource not accessible by integration" error.

.github/workflows/ci.yml

@@ -6,6 +6,10 @@ on:
     pull_request:
         branches: [master]
 
+permissions:
+    contents: read
+    security-events: write
+
 env:
     NODE_VERSION: "20"
     PNPM_VERSION: "9.0.0"