Add a permissions block for generated workflows

Ensure that all workflows are able to write security events.

pr-checks/sync.py

@@ -23,7 +23,6 @@ header = """# Warning: This file is generated automatically, and should not be m
 
 """
 
-
 class NonAliasingRTRepresenter(ruamel.yaml.representer.RoundTripRepresenter):
     def ignore_aliases(self, data):
         return True
@@ -71,6 +70,9 @@ for file in os.listdir('checks'):
             }
         },
         'name': checkSpecification['name'],
+        'permissions': {
+            'security-events': 'write'
+        },
         'runs-on': '${{ matrix.os }}',
         'steps': steps
     }