Enable CodeQL Advanced Security Scanning

[ghas-management]

CodeQL Workflow Update

This PR replaces your CodeQL workflow with a freshly generated version from the latest managed template (v1.1).

What triggered this update

• Template update — the managed template has a new version (v1.0 → v1.1)

How to review

The Files Changed tab shows the full diff between your current workflow and the new template-generated one.

Any customisations you had (custom steps, container image, build command, cron schedule, extra env vars, etc.) will appear as removed lines in the diff. Re-apply the ones you want to keep directly in this PR or after merging, the same way you would resolve a merge conflict.

Why a full replacement?

Workflow updates are intentionally delivered as a fresh workflow rather than a surgical patch. This gives you full visibility into what changed and avoids hidden conflicts between your customisations and the new template.

Next Steps

1. Open the Files Changed tab and review the diff
2. Re-apply any customisations you want to preserve
3. Merge to update to the latest template
4. Security findings continue to appear in the Security tab

---

This PR was automatically created by the GHAS management tool.

More details about EE AppSec can be found here. If you have any questions, please reach out to us via EE Teams/Slack channels or tag us with @ee-security in this PR.

If you believe your repository does not require automated security scanning, see our FAQ for guidance on how to proceed.

[1LNM]

Template update squashed initial comment unintentionally, please check edit versions for comment history