fix zizmor security alerts on GHA workflows

Signed-off-by: Guillaume Lours <[email protected]>

Author: glours

.github/workflows/ci.yml

@@ -77,8 +77,10 @@ jobs:
       -
         name: Prepare
         run: |
-          platform=${{ matrix.platform }}
+          platform=${ matrix.platform }
           echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+        env:
+          PLATFORM: ${{ matrix.platform }}
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3

.github/workflows/scorecards.yml

@@ -7,9 +7,6 @@ on:
   push:
     branches: [ "main" ]
 
-# Declare default permissions as read only.
-permissions: read-all
-
 jobs:
   analysis:
     name: Scorecards analysis
@@ -19,6 +16,18 @@ jobs:
       security-events: write
       # Used to receive a badge.
       id-token: write
+      # read permissions to all the other objects
+      actions: read
+      attestations: read
+      checks: read
+      contents: read
+      deployments: read
+      issues: read
+      discussions: read
+      packages: read
+      pages: read
+      pull-requests: read
+      statuses: read
 
     steps:
       - name: "Checkout code"