ci: enable CodeQL SAST scanning for automated security analysis

[RishavTiwari25]

This Pull Request fixes/closes #5150

It changes the following:

• Implements a new .github/workflows/codeql.yml workflow using GitHub's native github/codeql-action.
• Enables automated Static Application Security Testing (SAST) specifically configured for rust to scan the main codebase and newly opened PRs for deeply-nested logical security bugs.
• Acts as a highly resilient read-only observability layer, pushing located execution flaws, out-of-bounds writes, or logic manipulation alerts straight to the GitHub "Security" tab.
• Operates totally independently from existing tests and cargo commands, utilizing safe contents: read permissions.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[github-actions]

Test262 conformance changes

Test result	main count	PR count	difference
Total	52,963	52,963	0
Passed	50,073	50,073	0
Ignored	2,072	2,072	0
Failed	818	818	0
Panics	0	0	0
Conformance	94.54%	94.54%	0.00%

Tested main commit: 055ee0958ce332f3f99af27536a7c6f9a91def27
Tested PR commit: f3e3ffbc8b4057b9d292474a9c725c6f1c7c6f6a
Compare commits: 055ee09...f3e3ffb

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.51%. Comparing base (6ddc2b4) to head (f3e3ffb).
⚠️ Report is 890 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #5151       +/-   ##
===========================================
+ Coverage   47.24%   59.51%   +12.27%     
===========================================
  Files         476      580      +104     
  Lines       46892    63181    +16289     
===========================================
+ Hits        22154    37602    +15448     
- Misses      24738    25579      +841     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jedel1043]

Maybe let's not run this on PRs and pushes. I imagine SASL analysis is a heavy action, so we kinda don't have the CI capacity to run this constantly