Speed up CI with concurrency groups and targeted CodeQL builds

[dfed]

Summary

• Add concurrency groups to both CI and CodeQL workflows so new pushes on a PR branch cancel in-progress runs
• Main branch and scheduled runs are never cancelled — each gets a unique group via github.run_id
• Build only SafeDI and SafeDITool targets in debug mode for CodeQL instead of a full release build of everything
• Clean up redundant xcode-select call and stale comments in CodeQL workflow

Context

Investigated pre-building dependencies before CodeQL init to avoid tracing swift-syntax compilation. This doesn't work for Swift — CodeQL replaces the Swift compiler with a tracing wrapper, which invalidates SPM's entire build cache.

Instead, we reduce CodeQL build time by:

1. Debug mode (SPM default) — skips release optimizations that CodeQL doesn't need
2. Targeted builds — only SafeDI and SafeDITool, skipping test targets

Test plan

• Verify CodeQL workflow completes successfully with targeted debug build
• Compare Swift analysis job duration against the ~57 min baseline on main
• Push twice in quick succession on a PR to confirm stale runs get cancelled

🤖 Generated with Claude Code

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (1372465) to head (1ee60a6).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #240   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           41        41           
  Lines         5772      5772           
=========================================
  Hits          5772      5772           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.