Potential fix for code scanning alert no. 5: Workflow does not contain permissions

[SachaMorard]

Potential fix for https://github.com/edgee-cloud/segment-component/security/code-scanning/5

In general, to fix this type of issue you add a permissions block either at the workflow root (applies to all jobs without their own permissions) or on the specific job. Here we already have a job (clippy) with its own permissions block, so the cleanest, least-disruptive fix is to add an explicit permissions block to the coverage job only. That addresses the CodeQL finding and keeps existing behavior of other jobs unchanged.

Concretely, in .github/workflows/check.yml, under the coverage job (line 84 onward), add a permissions: section specifying minimal permissions. As a safe minimal starting point aligned with the CodeQL suggestion, use contents: read. If Coveralls needed extra scopes (like checks: write or statuses: write), they could be added later, but we will not assume that without evidence in the snippet. The change is only to insert this permissions mapping under coverage: at the same indentation level as runs-on: and steps:.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[coveralls]

Pull Request Test Coverage Report for Build 20655792012

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage decreased (-0.1%) to 98.952%

---

Files with Coverage Reduction	New Missed Lines	%
src/lib.rs	1	99.11%

Totals
Change from base Build 18656468573:	-0.1%
Covered Lines:	661
Relevant Lines:	668

---

💛 - Coveralls