
Potential fix for code scanning alert no. 3: Workflow does not contain permissions #183

Merged
MekDrop merged 2 commits into main from Potential-fix-for-code-scanning-alert-no.-3-Workflow-does-not-contain-permissions
Mar 26, 2026


@MekDrop MekDrop commented Mar 26, 2026

Potential fix for https://github.com/impresscms-dev/flattern-markdown-folder-structure-action/security/code-scanning/3

To fix the problem, explicitly declare a permissions: block for the job (or at the workflow root) that grants only the minimal scopes needed. This workflow needs to merge pull requests using GITHUB_TOKEN, which requires pull-requests: write and read access to repository contents; it does not need broad contents: write or other elevated scopes.

The best minimal fix without changing functionality is to add a permissions: section under the merge job in .github/workflows/dependabot.yml, between the if: condition and the steps: block. That block should set contents: read (for basic repo access) and pull-requests: write (to merge PRs). We do not need new imports or dependencies; this is pure workflow configuration.

Concretely:

  • Edit .github/workflows/dependabot.yml.
  • Under jobs: merge:, after the multiline if: condition and before steps:, insert:
    permissions:
      contents: read
      pull-requests: write

No other changes are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

MekDrop and others added 2 commits March 27, 2026 01:03
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@MekDrop MekDrop marked this pull request as ready for review March 26, 2026 23:06
@MekDrop MekDrop merged commit 19d6f38 into main Mar 26, 2026
11 checks passed
@MekDrop MekDrop deleted the Potential-fix-for-code-scanning-alert-no.-3-Workflow-does-not-contain-permissions branch March 26, 2026 23:07
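
A check for the condition behind this alert, added here as an example (it is not code from this repository or from Copilot Autofix): it lists the jobs in a workflow file that have no `permissions:` key of their own and no workflow-level one to inherit. It assumes space-indented block-style YAML and uses a line scan rather than a YAML parser; the sample workflow is constructed and `jobs_without_permissions` is a hypothetical name.

```python
import re
KEY = re.compile(r"^([A-Za-z0-9_-]+)\s*:")

def key(text):  # mapping key that starts this line, or None
    m = KEY.match(text)
    return m.group(1) if m else None

def jobs_without_permissions(workflow_text):
    """List jobs that fall back to the repository's default GITHUB_TOKEN scopes."""
    # (indent, stripped text) for every non-blank, non-comment line.
    lines = [(len(l) - len(l.lstrip(" ")), l.strip())
             for l in workflow_text.splitlines()
             if l.strip() and not l.strip().startswith("#")]
    # A workflow-level permissions: block applies to every job.
    if any(ind == 0 and key(txt) == "permissions" for ind, txt in lines):
        return []
    covered = {}            # job name -> has its own permissions: key
    in_jobs = False
    job_indent = key_indent = current = None
    for ind, txt in lines:
        if ind == 0:        # new top-level key; only "jobs" is of interest
            in_jobs = key(txt) == "jobs"
            job_indent = key_indent = current = None
        elif in_jobs:
            if job_indent is None:
                job_indent = ind
            if ind == job_indent and key(txt):
                current, key_indent = key(txt), None
                covered[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = ind
                # Exact-indent match skips block scalars such as "if: |".
                if ind == key_indent and key(txt) == "permissions":
                    covered[current] = True
    return [job for job, ok in covered.items() if not ok]

# Constructed sample, not the repository's dependabot.yml; AFTER adds the PR's block.
BEFORE = """\
on: pull_request
jobs:
  merge:
    runs-on: ubuntu-latest
    if: |
      github.actor == 'dependabot[bot]'
    steps:
      - run: gh pr merge --auto --merge "$PR_URL"
"""
AFTER = BEFORE.replace("    steps:", "    permissions:\n      contents: read\n"
                       "      pull-requests: write\n    steps:")
```

Run over every file under `.github/workflows/`, a non-empty result marks a job that still relies on the repository default token scopes.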