Potential fix for code scanning alert no. 8: Workflow does not contain permissions#8

Merged: rossaddison merged 1 commit into master from alert-autofix-8 on Dec 20, 2025

@rossaddison
Owner

Potential fix for https://github.com/rossaddison/data-cycle/security/code-scanning/8

  • In general, to fix this class of issue, add an explicit permissions: section either at the top level of the workflow (to affect all jobs) or within the specific job, setting only the scopes required (commonly contents: read for read‑only workflows).

  • For this workflow, the best minimal fix without changing functionality is to add a top‑level permissions: block that grants read‑only access to repository contents. Static analysis via Psalm should only need to read code and metadata; it does not need to modify repository resources, so contents: read is appropriate.

  • Concretely, modify .github/workflows/static.yml by inserting:

    permissions:
      contents: read

    between the name: static analysis line and the jobs: block.

  • No additional methods, imports, or definitions are needed; this is purely a YAML workflow configuration change.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
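
A way to check a workflow for the condition this alert describes, as an added example that is not part of the pull request or the repository: a small line-based scanner that lists jobs with no `permissions:` declaration at workflow or job level. The function name, the job name `psalm` and the sample workflow are assumptions constructed for illustration, and the scanner assumes block-style YAML indented with spaces.

```python
import re

# A block-style mapping key at the start of a line: leading spaces, name, colon.
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

def jobs_without_permissions(workflow_text):
    """List jobs that neither inherit a top-level `permissions:` block nor
    declare their own. Assumes block-style YAML indented with spaces."""
    top_level = False
    in_jobs = False
    job_indent = child_indent = current = None
    declared = {}  # job name -> True once a job-level permissions key is seen
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, "- step" list items
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
            top_level = top_level or key == "permissions"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # first key under jobs: sets the job level
            if indent == job_indent:
                current, child_indent = key, None
                declared[key] = False
            elif current is not None:
                if child_indent is None:
                    child_indent = indent  # direct children of the job
                if indent == child_indent and key == "permissions":
                    declared[current] = True
    return [] if top_level else [j for j, ok in declared.items() if not ok]

# Constructed sample, not the repository's actual static.yml.
BEFORE = """\
name: static analysis
on: [push, pull_request]
jobs:
  psalm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: vendor/bin/psalm
"""
# The change described in the pull request, applied to the sample.
AFTER = BEFORE.replace("jobs:\n", "permissions:\n  contents: read\n\njobs:\n")

if __name__ == "__main__":
    print("before:", jobs_without_permissions(BEFORE))
    print("after: ", jobs_without_permissions(AFTER))
```

Only a `permissions` key that is a direct child of the job counts, so an action input that happens to be named `permissions` under a step's `with:` is not mistaken for a declaration.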

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@rossaddison rossaddison marked this pull request as ready for review December 20, 2025 12:01
@rossaddison rossaddison merged commit 0e8269a into master Dec 20, 2025
24 of 29 checks passed
@rossaddison rossaddison deleted the alert-autofix-8 branch December 20, 2025 12:01
@codecov-commenter

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️
