Add security-events permission to upload SARIF results

[enrichman]

It looks like to upload the reports we need to add the security-events permission to the workflow:

• https://github.com/rancher/k3k/actions/runs/19134598870/job/54683395103

Checking the integration we need to add security-events: write to upload SARIF results.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.77%. Comparing base (2b6441e) to head (6554281).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #550      +/-   ##
==========================================
+ Coverage   59.58%   59.77%   +0.19%     
==========================================
  Files          56       56              
  Lines        5151     5151              
==========================================
+ Hits         3069     3079      +10     
+ Misses       1798     1795       -3     
+ Partials      284      277       -7     

Flag	Coverage Δ
cli	53.75% <ø> (+0.49%)	⬆️
controller	58.51% <ø> (+0.10%)	⬆️
e2e	58.51% <ø> (+0.10%)	⬆️
unit	41.52% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.