fix: add top-level permissions to maven.yml (#37) #6

	# Calls reusable scorecards workflow from cuioss-organization
	name: Scorecard supply-chain security

	on:
	branch_protection_rule:
	schedule:
	- cron: '20 7 * * 2'
	push:
	branches: [main]

	permissions:
	contents: read

	jobs:
	analysis:
	uses: cuioss/cuioss-organization/.github/workflows/reusable-scorecards.yml@9ce5ba83776bab80eeffb695f7374e334cf6bd9f # v0.2.0
	permissions:
	security-events: write
	id-token: write
	contents: read
	actions: read
	issues: read
	pull-requests: read
	checks: read

Provide feedback