ci: add CodeQL workflow for code scanning

[notgitika]

The main branch ruleset requires CodeQL results but no workflow existed to produce them, blocking all PR merges.

Description

• Adds a .github/workflows/codeql.yml workflow that runs CodeQL analysis on pushes to main and PRs targeting main
• The main-protection-rule ruleset requires CodeQL results, but no workflow existed to produce them, blocking all PR merges (including chore: update supported frameworks to Strands Agents from Strands #314)
• Uses github/codeql-action/init@v3 and github/codeql-action/analyze@v3 for JavaScript/TypeScript analysis

Related Issue

Closes #315

Documentation PR

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update
• Other (please describe):

Testing

How have you tested the change?

• I ran npm run test:all
• I ran npm run typecheck
• I ran npm run lint
• If I modified src/assets/, I ran npm run test:update-snapshots and committed the updated snapshots

Checklist

• I have read the CONTRIBUTING document
• I have added any necessary tests that prove my fix is effective or my feature works
• I have updated the documentation accordingly
• I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
• My changes generate no new warnings
• Any dependent changes have been merged and published

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the
terms of your choice.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	8.32%	532 / 6392
🔵	Statements	7.99%	543 / 6793
🔵	Functions	5.61%	73 / 1300
🔵	Branches	6.14%	230 / 3743

Generated in workflow #350 for commit 0045b2c by the Vitest Coverage Report Action