Re-enable CodeQL with Dynamic Approach

[ric-evans]

Currently, we're using a codeql.yml file, which may have been the original/only way to do this a couple of months back. Now, we can use the "Default" setup which enables a "dynamic" GHA (no yaml needed).

@dsschult if you didn't configure anything special back in #82, then there are no downsides to the dynamic approach. https://github.com/WIPACrepo/wipac-dev-tools uses this approach. The main pro is that there's less for us to manage--we'll always have the latest workflow.

[ric-evans]

compared to https://github.com/Observation-Management-Service/MQClient/blob/v1.0.3/.github/workflows/codeql.yml, which I replaced similarly, the only diff is the cron schedule

[dsschult]

That was the default config by LGTM. I think they're generally the same, the yaml just gives more flexibility if we want it.

One interesting feature:
https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning#avoiding-unnecessary-scans-of-pull-requests

[ric-evans]

if we want it

I'm not sure we do. Other than the security features, I've yet to see much I like about CodeQL that flake8 and mypy don't already provide. I'd like to ignore the config as much as possible and let GitHub do its best

[ric-evans]

I'm concerned packages will become out of date: https://github.com/WIPACrepo/rest-tools/blob/master/.github/workflows/codeql.yml#L30

[dsschult]

Sure, that's a relevant concern for all of our actions. You had some version checking bot for the setup action, right? Could that be applied here?

[ric-evans]

Right, it's built into the dependabot. I do think that would apply here--good point