Fix workflow permissions for publishing security assets to releases

.github/workflows/release.yaml

@@ -31,8 +31,8 @@ jobs:
  check:
  runs-on: ubuntu-latest
  permissions:
- contents: read
  packages: write 
+ contents: write # publish sbom to GH releases/tag assets
  steps:
  - name: Checkout repository
  uses: actions/checkout@v3
@@ -46,6 +46,7 @@ jobs:
  dir: .
  upload-sbom-release-assets: true
 
+
  # Build docker images
  build-images:
  runs-on: ubuntu-latest
@@ -108,7 +109,7 @@ jobs:
  scan-images:
  runs-on: ubuntu-latest
  permissions:
- contents: read
+ contents: write # For publishing assets to releases
  packages: write
  needs: [check, build-images]
  if: >