The new code scanner is complaining that actions have permissions to do too much. It wasn't obvious to me what permissions the jobs need, but let's see how this works.