Add CodeQL analysis for GitHub Actions

- Add CodeQL analysis for GitHub Actions.
- Refactor permissions.
- Add overall job/status for all languages.
- Standardize workflow with other repos.

Author: martincostello

.github/workflows/code-scan.yml renamed to .github/workflows/codeql.yml

@@ -1,4 +1,4 @@
-name: code-scan
+name: codeql
 
 on:
   push:
@@ -10,23 +10,23 @@ on:
       - dotnet-nightly
   schedule:
     - cron: '0 6 * * 1'
+  workflow_dispatch:
 
-permissions:
-  actions: read
-  contents: read
+permissions: {}
 
 jobs:
-  code-ql:
-
+  analysis:
     runs-on: ubuntu-latest
 
     permissions:
+      actions: read
+      contents: read
       security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'csharp', 'javascript' ]
+        language: [ 'actions', 'csharp', 'javascript' ]
 
     steps:
     - name: Checkout repository
@@ -43,3 +43,22 @@ jobs:
       uses: github/codeql-action/analyze@v3
       with:
         category: '/language:${{ matrix.language }}'
+
+  codeql:
+    if: ${{ !cancelled() }}
+    needs: [ analysis ]
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Report status
+      shell: bash
+      env:
+        SCAN_SUCCESS: ${{ !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+      run: |
+        if [ "${SCAN_SUCCESS}" == "true" ]
+        then
+          echo 'CodeQL analysis successful ✅'
+        else
+          echo 'CodeQL analysis failed ❌'
+          exit 1
+        fi