grant checks:write so rustsec/audit-check can post results

The action completes the audit itself fine but fails to POST a check
run annotation without checks:write at the workflow level. Current
surfaced finding is RUSTSEC-2023-0086 (lexical-core 0.8.5 soundness,
informational only — no vulnerabilities).

Author: ewels

.github/workflows/ci.yml

@@ -11,6 +11,8 @@ concurrency:
 
 permissions:
   contents: read
+  # rustsec/audit-check posts results as a check run on the commit.
+  checks: write
 
 env:
   CARGO_TERM_COLOR: always