Added CodeQL scanning to GitHub actions.

[Eric-Butcher]

CodeQL is a feature from GitHub that scans code for defects and vulnerabilities.

I have used it before and it has helped out on a few occasions. I believe more (automated) eyes on the codebase reviewing PRs will be useful.

The checks here will run on every PR to main or a release branch, as well as every Monday morning.

The CodeQL suite is configured to security-extended which primarily focuses on security related issues rather than more broad code quality checks. This suite is a bit more aggressive than the default suite and sometimes may contain false-positives. These can simply be dismissed by a maintainer before merging the PR. This will check the Python and Javascript code.

CodeQL scanning is free for public open-source repos (such as this one).

The only downside is sometimes CodeQL can take a bit to run so it might slow down the CI a bit. Runs usually last a few minutes.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.