This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
huard left a comment:
Looking at the current vulnerabilities found, it wasn't clear to me whether they were real or not. So I'll let James judge whether this is useful.
Trevor - maybe we can reduce the time frequency of scans here. Aside from that, seems useful.
@analytophile Sounds good. I'll adjust that in another small PR. @huard The default configuration is very often, since the vulnerability database is constantly updating the patterns to look for. We can reduce this number to monthly, but I would still run this on all commits.
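As an added illustration of the adjustment discussed above (this is example configuration, not the workflow from this PR or the project's own file), the following CodeQL workflow keeps scanning every push and pull request while moving the scheduled database-refresh scan to a monthly cron. The branch name `main` and the language `python` are placeholders chosen for the example; the action names are the standard `github/codeql-action` steps.

```yaml
# Added example, not the project's workflow: monthly scheduled CodeQL scan,
# with push and pull_request triggers so every commit is still analysed.
# Assumptions (placeholders): default branch "main", project language "python".
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # The scheduled run exists so the rule set is re-applied after the
    # vulnerability database updates; here it fires at 03:00 UTC on the
    # first day of each month instead of a more frequent cadence.
    - cron: '0 3 1 * *'

# Least privilege for the token: read the repository, write only the
# code scanning (SARIF) results.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python   # placeholder; set to the repository's language(s)
      - uses: github/codeql-action/analyze@v3
```

The push and pull_request triggers are what make the scan run on all commits; the cron entry only controls how often a full re-scan happens without a code change, which is the number the thread proposes lowering to monthly.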
Pull Request Checklist:
What kind of change does this PR introduce?
Does this PR introduce a breaking change?
Other information:
This is strongly encouraged for Open Source projects on GitHub.