Add explicit permissions block for security best practices

Co-authored-by: OneSizeFitsQuorum <[email protected]>

Author: Copilot

.github/workflows/vulnerability-check.yml

@@ -17,6 +17,8 @@ jobs:
   dependency-check:
     if: ${{ github.event_name == 'workflow_dispatch' || github.repository == 'apache/iotdb' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - uses: actions/checkout@v4