add job level permissions

Author: FuhuXia

.github/workflows/snyk.yml

@@ -1,5 +1,5 @@
 ---
-  name: Snyk Security
+name: Snyk Security
 
 on:
   workflow_dispatch:
@@ -15,6 +15,10 @@ jobs:
     name: snyk test
     runs-on: ubuntu-latest
     if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
+    permissions:
+      contents: write
+      pull-requests: write
+      security-events: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -90,6 +94,8 @@ jobs:
     name: snyk monitor
     runs-on: ubuntu-latest
     if: github.event_name == 'push'
+    permissions:
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4