Merge pull request #406 from CovertLab/read-actions

Upload SARIF action requires `actions: read` permission on private repo

Author: thalassemia

.github/workflows/docker_security.yml

@@ -21,6 +21,7 @@ jobs:
   buildx:
     permissions:
       contents: read
+      actions: read            # Required for upload-sarif to get workflow run info
       security-events: write   # Required for uploading SARIF results
       pull-requests: write     # Required for PR comments summarizing vulnerabilities
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository