codeql: Fix GitHub Action permissions

We recently started getting the message

  request: {
    method: 'PUT',
    url: 'https://api.github.com/repos/cilium/cilium/code-scanning/analysis/status',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'CodeQL Action octokit-core.js/3.1.2 Node.js/12.13.1 (linux; x64)',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"workflow_run_id":1221776932,"workflow_name":"codeql","job_name":"analyze","analysis_key":".github/workflows/lint-codeql.yaml:analyze","commit_oid":"d82ac6f54c0118088cc46d8d892ff5e87cf5d09e","ref":"refs/heads/master","action_name":"init","action_ref":"b7dd4a6f2c343e29a9ab8e181b2f540816f28bd7","action_oid":"unknown","started_at":"2021-09-10T15:35:29.029Z","action_started_at":"2021-09-10T15:35:29.029Z","status":"starting","cause":"MismatchedBranches","matrix_vars":"null"}',
    request: { agent: [Agent], hook: [Function: bound bound register] }
  },
  documentation_url: 'https://docs.github.com/rest'
}
Error: Resource not accessible by integration

when CodeQL runs on CI.

From reading github/codeql-action#464,
permission to write security events is needed.

Signed-off-by: Tom Payne <tom@isovalent.com>

.github/workflows/lint-codeql.yaml

@@ -37,6 +37,8 @@ jobs:
     needs: check_changes
     if: github.repository == 'cilium/cilium' && needs.check_changes.outputs.go-changes == 'true'
     runs-on: ubuntu-18.04
+    permissions:
+      security-events: write
     steps:
     - name: Checkout repo
       uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f