feat(codeql): Add CodeQL analysis for interpreted languages

[lucasssvaz]

Description of Change

This pull request introduces CodeQL integration for static code analysis, focusing on enhancing security and quality checks for the repository. It includes updates to the CODEOWNERS file, a new CodeQL configuration file, and workflows for analyzing Actions and Python code. Below are the most important changes grouped by theme:

Code Ownership Update:

• .github/CODEOWNERS: Added @lucasssvaz as the code owner for the .github/codeql/ directory.

CodeQL Configuration:

• .github/codeql/codeql-config.yml: Created a new CodeQL configuration file specifying query packs, filters, and paths to ignore during analysis. This improves the granularity and focus of the CodeQL checks.

GitHub Actions for CodeQL Analysis:

Actions Analysis:

• .github/workflows/codeql_actions.yml: Added a workflow for analyzing GitHub Actions code using CodeQL. It triggers on push to master, pull_request changes to workflow files, and manual dispatch.

Python Analysis:

• .github/workflows/codeql_python.yml: Added a workflow for analyzing Python code using CodeQL. It triggers on push to master, pull_request changes to Python files, and manual dispatch.

Tests scenarios

Tested on my fork.
https://github.com/lucasssvaz/arduino-esp32/pull/51/files/18920ee4b293c28dfd03b3bc895d17841024c03e#diff-21f48161ad48f4a72649224c1a8aef5bf2d2b15c9f6b612e325d7ae3748c94e8R19

[github-actions]

	Messages
📖	🎉 Good Job! All checks are passing!

👋 Hello lucasssvaz, we appreciate your contribution to this project!

---

📘 Please review the project's Contributions Guide for key guidelines on code, documentation, testing, and more.

---

🖊️ Please also make sure you have read and signed the Contributor License Agreement for this project.

---

Click to see more instructions ...

This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modify the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...

We do welcome contributions in the form of bug reports, feature requests and pull requests.

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
4. If the change is approved and passes the tests it is merged into the default branch.

Generated by 🚫 dangerJS against 25da753

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.