Updates to the Java and VS Code docs #14207

Merged: 28 commits from felicitymay-11595-VS-code-docs into rc/3.11, Sep 18, 2023

Conversation

felicitymay
Contributor

@felicitymay felicitymay commented Sep 13, 2023

This pull request is ready for review. It's been a little rushed so may have more typos than I'd like 😞

Main changes:

  1. Content about data extensions and their format moved from Customizing Library Models for Java into a new reference article, currently called: "Data extensions to model your Java/Kotlin dependencies".
  2. Data about extensible predicates consolidated in "Extensible predicates and their interaction with data extensions"
  3. New article about how to create models using the VS Code extension.

I'd like to follow up with a tutorial demonstrating the method for modeling a few API calls, but this will need help from an expert to find a suitable example.

@felicitymay felicitymay marked this pull request as ready for review September 14, 2023 20:51
@felicitymay felicitymay requested a review from a team as a code owner September 14, 2023 20:51
@felicitymay felicitymay changed the title [DRAFT] Updates to the Java and VS Code docs Updates to the Java and VS Code docs Sep 14, 2023
@felicitymay felicitymay added the ready-for-doc-review This PR requires and is ready for review from the GitHub docs team. label Sep 14, 2023
@felicitymay felicitymay requested a review from jf205 September 14, 2023 22:12
@felicitymay
Contributor Author

@michaelnebel - here is the whole PR that we were discussing.

subatoi previously approved these changes Sep 15, 2023
Contributor

@subatoi subatoi left a comment


Looks good—only minor comments, some of which are probably not relevant. Don't feel the need to respond individually, just resolve as you see fit. Happy to take another look after it's been through technical review 👍

Contributor

@robertbrignull robertbrignull left a comment


I've only read through docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst, because that's the part I'm most familiar with. I spotted a few typos, but the article as a whole looks good to me and all of the information is correct.

@felicitymay
Contributor Author

@subatoi and @robertbrignull - thank you so much for finding time to review this so soon after I posted it. Clearly I should have waited until I took a look this morning, but thanks for fixing all my typos and for the other suggestions 💖

Robert - thank you particularly for checking the technical accuracy of the VS Code extension information. That's great to hear 🎉

All suggestions applied. I suspect that the larger question is over whether or not the content is split and organized appropriately, and I've no doubt James will have some thoughts on that.

@felicitymay
Contributor Author

felicitymay commented Sep 15, 2023

It looks as if I probably need to retarget these changes against a GHES branch, but I'll leave worrying about that for now.

Contributor

@jf205 jf205 left a comment


I think this is looking pretty good already @felicitymay. Thank you! ❤️
I've added a few comments so far which i think can be addressed any time. I'm going to take a second look and will probably end up adding some more.

Modeling the calls your codebase makes to external APIs
-------------------------------------------------------

You typically use this method when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL but they are not used by other teams in your organization.
Contributor


but they are not used by other teams in your organization. -> and if the source code of the framework or library is not included in the analysis.
One could imagine a non-monolith architecture where a project has dependencies on internal packages, but where the source code of these is not included in the analysis.


This article contains reference material about how data extensions interact with standard queries and the syntax used to define extensions.

If you want to create your own data extensions, you should use the CodeQL model editor in the CodeQL extension for Visual Studio Code. The model editor automatically guides you through the process of defining models, displaying the properties you need to define and the options available. You can save the resulting models as data extensions and use them without worrying about the syntax.
Contributor


Data extensions are more general than the specific extensible predicates used for MaD modelling. We could imagine other use cases than MaD for data extensions - we expect to use extensible predicates for threat modelling as well.

Contributor Author


Thanks for flagging this. I'll leave @jf205 to decide whether we should generalize this now, or in the future when we document threat modeling ✨
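As an added illustration of the data extensions discussed in this thread (example written for this page, not code from the PR or the CodeQL repository), the following file models a hypothetical library class `com.example.db.QueryRunner` whose source is not part of the analysis. The package, class and method names are assumptions; the pack name `codeql/java-all` and the extensible predicates `sinkModel` and `summaryModel` are the real Java ones. The column order is package, type, subtypes, name, signature, ext, then the input and/or output, the kind, and the provenance.

```yaml
# Hypothetical model file, e.g. ext/example-db.model.yml in a model pack.
# com.example.db.QueryRunner is an assumed, not real, library class.
extensions:
  # Summary: taint entering wrap(String) as Argument[0] leaves it in the
  # returned Query object, so a tainted string survives being wrapped.
  # Without this summary the flow would stop at the unmodeled call.
  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
    data:
      - ["com.example.db", "QueryRunner", true, "wrap", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]

  # Sink: the Query passed to run(Query) is executed against the database.
  # `true` in the subtypes column also matches overrides in subclasses.
  # The kind must be one the queries consume; Java's SQL injection query
  # uses "sql-injection" (older CodeQL releases used "sql").
  - addsTo:
      pack: codeql/java-all
      extensible: sinkModel
    data:
      - ["com.example.db", "QueryRunner", true, "run", "(Query)", "", "Argument[0]", "sql-injection", "manual"]
```

Chained together, these two rows let the SQL injection query report `runner.run(runner.wrap(userInput))`, which is exactly the gap the reviewer describes above for dependencies whose source is absent from the database. The CodeQL model editor in the VS Code extension writes files of the same shape, so hand-editing the YAML is only needed when the editor is not available; either way the file has to be listed under `dataExtensions` in the model pack's `qlpack.yml` to take effect.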

@michaelnebel
Contributor

@michaelnebel - here is the whole PR that we were discussing.

Great - thank you 👍 I see that you incorporated the changes from #13864 which I will go ahead and close 😄

subatoi previously approved these changes Sep 16, 2023
Contributor

@subatoi subatoi left a comment


Just had some further tiny non-blocking comments on second content review, but this is looking like an awesome piece of work 👍

@felicitymay
Contributor Author

Many thanks for the most recent review comments @jf205. I've merged those, and will make the changes locally to fix the length of the header-underlining and rename the article (which I omitted in my earlier update).

@felicitymay
Contributor Author

Apologies for the force push and noise, but I needed to rebase this on the rc/3.11 branch.

@felicitymay
Contributor Author

It would be great if we could merge this before @alexet creates the next release candidate branch for the CodeQL CLI release, but I need another approval.

@felicitymay
Contributor Author

Thanks for the approval ✨

The tests seem to be running slowly, but hopefully will pass eventually 🤞🏻

@felicitymay felicitymay added the no-change-note-required This PR does not need a change note label Sep 18, 2023
@felicitymay felicitymay merged commit 31b0c42 into rc/3.11 Sep 18, 2023
@felicitymay felicitymay deleted the felicitymay-11595-VS-code-docs branch September 18, 2023 17:35
Labels
documentation Java no-change-note-required This PR does not need a change note ready-for-doc-review This PR requires and is ready for review from the GitHub docs team.
5 participants