* Added explicit read permissions + tweaked permissions
As a part of #4698 - this should fix the remaining warnings we get from the OSSF scorecard in relation to github workflows. They now all have explicit read permissions with more granular permissions granted in jobs.
* Update tfsec.yml
New workflow that I had not fixed in this PR.
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
semgrep should only need read
* Update test-packaging.yml
Should only need read permission - setting on top
* Update test.yml
Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
contents: none - this does not have any security advantage on a public repo
* Upgrade to get rid of REPL schmutz
* rename workflow to lessen ambiguity vs. markdown compilation of docs
* ensure lockfile makes it to fleetdm.com prod
* skip force git add of package-lock to avoid confusion for now. (reverts 4e7e23990c472e84f3f24391ef360a175f725609)
* rename build script (because now it won't always be markdown source files)
* update metadata to match prev commit
* change key name in generated sailsrc for consistency
* stub query library page
* used named params so others can tell what's up with the forcing
* expand comments
* expand comments
* intermediate commit- playing with inlining the guts from doctemplater
* stub basic docpage shell and a little page to preview that on
* Compile YAML and set up query library page
* clean sailsrc
* optimize build by running everything in parallel
* Add note about the fact that we don't even need to clone anything since we've consolidated it all into one repo now. facepalm
* un-parallelize one bit that fails in CI if it's parallelized (it'll go away soon anyway)
