common: fix scan permissions

Signed-off-by: Tomasz Gromadzki <[email protected]>

.github/workflows/scans.yml

@@ -14,12 +14,13 @@ jobs:
     uses: ./.github/workflows/scan_bandit.yml
     name: Bandit
   call-codeql:
-    uses: ./.github/workflows/scan_codeql.yml
-    name: CodeQL
     permissions:
       actions: read
       contents: read
       security-events: write
+    uses: ./.github/workflows/scan_codeql.yml
+    name: CodeQL
+
   call-coverity:
     # Sorry, no other branches are supported. The result upload would fail.
     if: github.ref == 'refs/heads/master'