Add CodeQL Analysis workflow for enhanced code security scanning

[Copilot]

This PR adds a GitHub CodeQL Analysis workflow to enhance the repository's security posture by automatically scanning for vulnerabilities and code quality issues.

What's Added

The new CodeQL workflow (.github/workflows/codeql.yml) provides:

• Automated Security Scanning: Uses GitHub's CodeQL engine to detect security vulnerabilities, bugs, and code quality issues
• Multi-Language Support: Configured to analyze both Python and TypeScript/JavaScript, the primary languages in this repository
• Comprehensive Triggers: Runs on:
  • Pull requests to main branch
  • Pushes to main branch
  • Weekly scheduled scans (Mondays at 14:24 UTC)
• Latest Actions: Uses the most recent CodeQL action versions (@v4 for checkout, @v3 for CodeQL actions)
• Proper Permissions: Configured with minimal required permissions for security events and code analysis

Repository Analysis

The workflow targets the repository's primary languages based on file analysis:

• Python: 253 files across the /python/ directory structure
• TypeScript/JavaScript: 176 files in the /typescript/ directory

Implementation Details

The workflow follows GitHub's recommended CodeQL template and uses:

• Matrix strategy for parallel language analysis
• No-build mode for both languages (appropriate for interpreted languages)
• Standard timeout and runner configurations
• Proper error handling and logging

This implementation aligns with the existing CI/CD pipeline and complements the current linting and testing workflows already in place.

This pull request was created as a result of the following prompt from Copilot chat.

Add a CodeQL Analysis workflow to this repository to enhance code security and identify vulnerabilities. Use the standard CodeQL workflow template provided by GitHub and target the primary programming languages used in this repository. Ensure the workflow runs on pull requests and pushes to the default branch.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Note

Add a CodeQL workflow to scan JS/TS and Python on PRs, pushes to main, and a weekly schedule.

• CI/CD:
  • New CodeQL workflow in .github/workflows/codeql.yml:
    • Analyzes javascript-typescript and python with build-mode: none via a matrix.
    • Triggers: push and pull_request to main, plus weekly cron.
    • Uses actions/checkout@v4 and github/codeql-action init/analyze@v3.
    • Configures minimal required permissions, timeouts, and Ubuntu runners.

^{Written by Cursor Bugbot for commit 5717cf0. This will update automatically on new commits. Configure here.}