Fix permissions for CodeQL workflows (#16660)

After limiting permissions, our CodeQL workflow started failing.

This is because it needs some extra permissions as explained in
the github/codeql-action#464

This PR adds the required permissions.

(cherry picked from commit b8a9e9f)

.github/workflows/codeql-analysis.yml

@@ -67,7 +67,11 @@ jobs:
         # Override automatic language detection by changing the below list
         # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
         language: ['python', 'javascript']
-
+    permissions:
+      actions: read
+      contents: read
+      pull-requests: read
+      security-events: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2