Add CodeQL scanner configuration

Borrowing from the Arduiino-ESP32

Author: earlephilhower

.github/codeql/codeql-config.yml

@@ -0,0 +1,28 @@
+name: "CodeQL config"
+
+packs:
+  - trailofbits/cpp-queries
+  - githubsecuritylab/codeql-cpp-queries
+  - githubsecuritylab/codeql-python-queries
+
+queries:
+  - uses: security-extended
+  - uses: security-and-quality
+
+query-filters:
+  - exclude:
+      query path:
+        - /^experimental\/.*/
+  - exclude:
+      tags contain:
+        - experimental
+  - exclude:
+      problem.severity:
+        - recommendation
+  - exclude:
+      id: tob/cpp/use-of-legacy-algorithm # We use legacy algorithms in many places for integrity checks
+  - exclude:
+      id: cpp/dead-code-goto # Too many false positives in no-build mode
+
+paths-ignore:
+  - tests/**