ci: fix dependabot can not access the secrets

[liangyuanpeng]

What type of PR is this?

/kind cleanup What this PR does / why we need it:

PartOf https://github.com/karmada-io/karmada/issues/4761

skip the push event for dependabot

Which issue(s) this PR fixes: Fixes #4761

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

[liangyuanpeng]

/assign @RainbowMango

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 51.76%. Comparing base (ff7322a) to head (b825b35). Report is 38 commits behind head on master.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #4762 +/- ## ========================================== - Coverage 51.79% 51.76% -0.04% ========================================== Files 250 250 Lines 24991 24982 -9 ========================================== - Hits 12945 12932 -13 - Misses 11337 11341 +4 Partials 709 709 ``` | [Flag](https://app.codecov.io/gh/karmada-io/karmada/pull/4762/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=karmada-io) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/karmada-io/karmada/pull/4762/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=karmada-io) | `51.76% <ø> (-0.04%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=karmada-io#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[liangyuanpeng]

https://github.com/github/codeql-action/pull/435#issuecomment-810350417 Although perhaps you could add "Uploading code scanning results requires write access." as second sentence?

I found the PR for this warnning log and seems like it just wanted to draw people's attention to the fact that this requires write permissions.

So just add permission for this workflow to resolve it, keeping on push event to trigger it.

PTAL,Thanks. /cc zhzhuang-zju @RainbowMango

[liangyuanpeng]

And it's verifyed on my fork repo, check https://github.com/liangyuanpeng/karmada/actions/runs/8518835905/job/23331711824?pr=53

[zhzhuang-zju]

I found the PR for this warnning log and seems like it just wanted to draw people's attention to the fact that this requires write permissions.

@liangyuanpeng Thanks for your work! This warning log is indeed very confusing. Since it's just a permissions issue, I think your change is appropriate.

[liangyuanpeng]

PTAL,Thanks.

@RainbowMango @zhzhuang-zju

[karmada-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[.github/workflows/OWNERS](https://github.com/karmada-io/karmada/blob/master/.github/workflows/OWNERS)~~ [RainbowMango] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment