ci: grant security-events: write to SARIF-uploading jobs

Three jobs uploaded SARIF files to GitHub's Security tab but did not
declare the permission:
  - quality.yml Static Analysis — gosec → upload-sarif
  - security.yml Gosec Security Scan — gosec → upload-sarif
  - security.yml Trivy Scan — trivy → upload-sarif

All three failed with 'Resource not accessible by integration'. Added
the minimal scoped permissions block (contents: read + security-events:
write) per job. CodeQL already had it.

Author: Patel230

.github/workflows/quality.yml

@@ -10,7 +10,10 @@ jobs:
   static-analysis:
     name: Static Analysis
     runs-on: ubuntu-latest
-    
+    permissions:
+      contents: read
+      security-events: write
+
     steps:
     - uses: actions/checkout@v4
 

.github/workflows/security.yml

@@ -13,6 +13,9 @@ jobs:
   gosec:
     name: Gosec Security Scan
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
     steps:
     - uses: actions/checkout@v4
 
@@ -81,6 +84,9 @@ jobs:
   trivy:
     name: Trivy Scan
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
     steps:
     - uses: actions/checkout@v4