ci: add CodeQL security scanning workflow#1356

Closed
justin-layerv wants to merge 1 commit into main from ci/codeql
Conversation

@justin-layerv
Contributor

Summary

Add GitHub CodeQL analysis workflow for automated security vulnerability scanning.

Workflow Triggers

  • Push to main branch
  • Pull requests to main branch
  • Weekly scheduled scan (Monday 6 AM UTC)

Features

  • Scans Go code for security vulnerabilities
  • Uses security-and-quality query suite
  • Results appear in GitHub Security tab
  • Free for public repositories

Security Benefits

  • Detects SQL injection, command injection, path traversal
  • Catches code quality issues that could lead to vulnerabilities
  • Continuous monitoring of codebase security posture
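A workflow matching the triggers and features listed above, added here as an illustration rather than the file from this PR (the PR's diff is not shown on this page); job and step names, action versions and the Go version are assumptions:

```yaml
# .github/workflows/codeql.yml (illustrative; not the file from PR #1356)
name: CodeQL

on:
  push:
    branches: [main]          # scan every push to main
  pull_request:
    branches: [main]          # scan PRs targeting main
  schedule:
    - cron: "0 6 * * 1"       # weekly, Monday 06:00 UTC

# Least privilege: the job only needs to read the repo and upload SARIF.
permissions:
  contents: read
  actions: read               # required for private repos to read workflow metadata
  security-events: write      # required to upload results to the Security tab

jobs:
  analyze:
    name: Analyze (go)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: "1.22"  # assumed; pin to the version in go.mod

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: go
          # security-and-quality = security queries plus quality/maintainability checks
          queries: security-and-quality

      # Go is compiled, so CodeQL needs a build to trace; autobuild handles
      # standard `go build ./...` projects.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:go"
```

As the follow-up comment in this thread explains, a workflow like this cannot run alongside CodeQL default setup; default setup must be disabled in the repository's Code security settings before the workflow file takes over.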

@justin-layerv justin-layerv self-assigned this Jan 4, 2026
@justin-layerv justin-layerv requested a review from windcbf January 4, 2026 19:25
Add GitHub CodeQL analysis to detect security vulnerabilities:
- Runs on push/PR to main and weekly schedule
- Scans Go code for security and quality issues
- Results visible in GitHub Security tab
@justin-layerv
Contributor Author

This PR is failing because CodeQL default setup is already enabled on this repository. The default setup and advanced configuration (custom workflow file) cannot run simultaneously.

Options:

  1. Close this PR - CodeQL is already running via default setup
  2. Disable default setup in repo Settings → Code security → CodeQL analysis, then this workflow can take over

Since CodeQL default setup is already working (we can see Analyze (go) checks passing), I'd recommend closing this PR unless you specifically need the custom configuration (scheduled weekly scans, security-and-quality queries).

@justin-layerv
Contributor Author

Closing - CodeQL default setup is already enabled and working on this repository. No need for a custom workflow.
