Update sonar.yml permissions

[joycebrum]

I've noticed that the sonar.yml workflow was not with top level permission defined.

Looking into https://github.com/SonarSource/sonarcloud-github-c-cpp it was not clear which permissions should be granted and, considering that a SONAR_TOKEN is required I wasn't able to test. I'll wait for the CI to run here on the PR to see if it will be enough.

Related to #145 and #146

[joycebrum]

Just a FYI: I believe that on pull request trigger does not have access to secrets due to security reasons (it is possible to explore a pull_request trigger or a pull_request_target with checkout to expose secrets)

See Controlling changes from forks to workflows in public repositories

Although workflows from forks do not have access to sensitive data such as secrets [...]

So the sonar.yml won't run with success on forked pull requests because the secret (SONAR_TOKEN) won't be available.

[joycebrum]

Hi! Friendly ping here! Let me know if you need my help on addressing any changes on this PR 😄

[manugarg]

Read-only should be good enough here. I'll merge this and see if something breaks.

Also, I'll limit when sonar workflow runs.