ci: add codeql analysis in workflows

[jasonliu747]

Signed-off-by: Jason Liu jasonliu747@gmail.com

Ⅰ. Describe what this PR does

CodeQL is the analysis engine used by developers to automate security checks, and by security researchers to perform variant analysis.

In CodeQL, code is treated like data. Security vulnerabilities, bugs, and other errors are modeled as queries that can be executed against databases extracted from code.

This PR would allow our CI to discover vulnerabilities across a codebase with CodeQL.

[codecov]

Codecov Report

Merging #240 (11960e3) into main (bdd719b) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #240   +/-   ##
=======================================
  Coverage   67.17%   67.17%           
=======================================
  Files         145      145           
  Lines       15261    15261           
=======================================
  Hits        10251    10251           
  Misses       4241     4241           
  Partials      769      769           

Flag	Coverage Δ
unittests	67.17% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[jasonliu747]

/hold for remaining issues

• fix: incorrect coversion of an integer #242
• log unsanitized in pkg/runtimeproxy/server/docker/handler.go @ZYecho
• log unsanitized in pkg/koordlet/audit/auditor.go @saintube

[hormes]

/approve

[koordinator-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hormes

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [hormes]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment