fix token permissions lint error

Author: ChrisGe4

.github/workflows/scorecard.yml

@@ -3,28 +3,29 @@ on:
   pull_request:
   workflow_dispatch:
 
-permissions:
-  contents: read
-  security-events: write
-  id-token: write
+permissions: read-all
 
 jobs:
   analyze:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      id-token: write
     timeout-minutes: 20
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
-        with:
-          # Checkout the base repository ref, not the PR's head commit
-          ref: ${{ github.event.pull_request.base.sha }}
-          persist-credentials: false
-      - name: 'Run Scorecard'
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # ratchet:ossf/scorecard-action@v2.4.3
-        with:
-          results_file: 'results.sarif'
-          results_format: 'sarif'
-          publish_results: false
-      - name: 'Upload to GitHub Security Tab'
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # ratchet:github/codeql-action/upload-sarif@v4.35.1
-        with:
-          sarif_file: 'results.sarif'
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
+      with:
+        # Checkout the base repository ref, not the PR's head commit
+        ref: ${{ github.event.pull_request.base.sha }}
+        persist-credentials: false
+    - name: 'Run Scorecard'
+      uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # ratchet:ossf/scorecard-action@v2.4.3
+      with:
+        results_file: 'results.sarif'
+        results_format: 'sarif'
+        publish_results: false
+    - name: 'Upload to GitHub Security Tab'
+      uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # ratchet:github/codeql-action/upload-sarif@v4.35.1
+      with:
+        sarif_file: 'results.sarif'