ci: fix secret scan

Author: obycode

.github/workflows/secret-scan.yml

@@ -12,6 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      pull-requests: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -26,3 +27,5 @@ jobs:
           # Let the action run its default git-range scan and only pass
           # scanner options.
           args: --config .gitleaks.toml --redact
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}