deps: bump azure/login v3, codeql-action v4.35.1

[raelga]

AROSLSRE-656

What

Bumps GitHub Actions dependencies:

• azure/login: v2.2.0 → v3 (Node.js 20 → 24, updated dependencies)
• github/codeql-action: v4.33.0 → v4.35.1 (incremental analysis improvements, Git version fix)

Why

Keep CI actions up to date with security and compatibility fixes.

Testing

• Verify aro-hcp-login-check workflow runs successfully
• Verify runbook-cicd workflow runs successfully
• Verify codeql-analysis workflow runs successfully

Special notes for your reviewer

Closes #4680
Closes #4499

[Copilot]

Pull request overview

Updates pinned GitHub Actions used by CI workflows to newer versions, keeping authentication and security scanning up to date.

Changes:

• Bump azure/login from v2.2.0 to v3 (pinned by commit SHA) in workflows that perform Azure CLI login.
• Bump github/codeql-action from v4.33.0 to v4.35.1 (pinned by commit SHA) for CodeQL init/autobuild/analyze steps.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
.github/workflows/runbook-cicd.yml	Updates azure/login to v3 for the bicep dry-run and main-branch deploy jobs.
.github/workflows/aro-hcp-login-check.yml	Updates azure/login to v3 for the PR fork/login guard workflow.
.github/workflows/codeql-analysis.yml	Updates CodeQL init/autobuild/analyze actions to v4.35.1.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[openshift-ci]

@raelga: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/cspr	713ec34	link	true	/test cspr

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[inbharajmani]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inbharajmani, raelga

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• .github/OWNERS [raelga]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment