fix(ci): add statuses: write permission to sonar.yml for PR decoration

[Rahul Dass (rahuldass19)]

Problem

SonarCloud analysis was running (project visible on dashboard,
coverage tracked) but not appearing as a status check on pull requests.

Root cause

sonar.yml was missing statuses: write permission. Without it,
the SonarCloud action cannot post commit status checks back to GitHub —
so the check runs silently but never shows on the PR.

Fix

 permissions:
   contents: read
   pull-requests: read
+  statuses: write

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **Chores**
  * Updated GitHub Actions workflow permissions configuration.

<!-- review_stack_entry_start -->

[![Review Change Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/QWED-AI/qwed-a2a/pull/24?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

[coderabbitai]

Warning

Review limit reached

@rahuldass19, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 57 minutes and 31 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 51375d5f-bec1-4b98-b3ae-3469922ea431

📥 Commits

Reviewing files that changed from the base of the PR and between 1205534 and 2438bc4.

📒 Files selected for processing (1)

• README.md

📝 Walkthrough

Walkthrough

This PR adds statuses: write permission to the Sonar GitHub Actions workflow, enabling the workflow to post commit status checks to the repository.

Changes

Sonar Workflow Permissions

Layer / File(s)	Summary
Workflow permissions for status updates .github/workflows/sonar.yml	Sonar workflow permissions extended with statuses: write to enable posting commit status checks.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• QWED-AI/qwed-a2a#23: Added the original sonar.yml workflow with initial permissions; this PR extends those permissions to include statuses: write for status check posting.

Poem

🐰 A tiny permission slips through the gate,
"Write to the statuses!" the workflow does state,
No longer read-only, it posts with delight,
Sonar checks passing, the commit burns bright! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main change: adding the 'statuses: write' permission to sonar.yml to enable PR decoration for SonarCloud analysis.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/sonar-pr-decoration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}