Replace LGTM static analysis with GitHub code scanning #3162

Merged: 8 commits, Aug 23, 2022

Member

@tzanio tzanio commented Aug 19, 2022

Originally motivated by LGTM.com shutting down, this PR replaces it with GitHub code scanning and adds a few more fixes in MFEM's GitHub actions:

  • Added GitHub code scanning
  • Disabled LGTM.com app
  • Switched to ubuntu-latest
  • Switched to macos-latest
  • Switched to windows-latest (this required a change in mfem/github-actions/v2.2)
  • Better GH Action names

After merging:

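| PR | Author | Editor | Reviewers | Assignment | Approval | Merge |
|----|--------|--------|-----------|------------|----------|-------|
| #3162 | @tzanio | @v-dobrev | @pazner + @v-dobrev | 8/22/22 | 8/23/22 | 8/23/22 |
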
PR Checklist
  • Code builds.
  • Code passes make style.
  • Update CHANGELOG:
    • Is this a new feature users need to be aware of? New or updated example or miniapp?
    • Does it make sense to create a new section in the CHANGELOG to group with other related features?
  • Update INSTALL:
    • Has a new optional library been added? If so, what range of versions of this library are required? (Make sure the external library is compatible with our BSD license, e.g. it is not licensed under GPL!)
    • Have the version ranges for any required or optional libraries changed?
    • Does make or cmake have a new target?
    • Did the requirements or the installation process change? (rare)
  • Update continuous integration server configurations if necessary (e.g. with new version requirements for each of MFEM's dependencies)
    • .github
    • .appveyor.yml
  • Update .gitignore:
    • Check if make distclean; git status shows any files that were generated from the source by the project (not an IDE) but we don't want to track in the repository.
    • Add new patterns (just for the new files above) and re-run the above test.
  • New examples:
    • All sample runs at the top of the example source file work.
    • Update examples/makefile:
      • Add the example code to the appropriate SEQ_EXAMPLES and PAR_EXAMPLES variables.
      • Add any files generated by it to the clean target.
      • Add the example binary and any files generated by it to the top-level .gitignore file.
    • Update examples/CMakeLists.txt:
      • Add the example code to the ALL_EXE_SRCS variable.
      • Make sure THIS_TEST_OPTIONS is set correctly for the new example.
    • List the new example in doc/CodeDocumentation.dox.
    • If new examples directory (e.g. examples/pumi), list it in doc/CodeDocumentation.conf.in
    • Companion pull request for documentation in mfem/web repo:
      • Update or add example-specific documentation, see e.g. the src/examples.md.
      • Add the description, labels and screenshots in src/examples.md and src/img.
      • In examples.md, list the example under the appropriate categories, add new categories if necessary.
      • Add a short description of the example in the "Extensive Examples" section of features.md.
  • New miniapps:
    • All sample runs at the top of the miniapp source file work.
    • Update top-level makefile and makefile in corresponding miniapp directory.
    • Add the miniapp binary and any files generated by it to the top-level .gitignore file.
    • Update CMake build system:
      • Update the CMakeLists.txt file in the miniapps directory, if the new miniapp is in a new directory.
      • Add/update the CMakeLists.txt file in the new miniapp directory.
      • Consider adding a new test for the new miniapp.
    • List the new miniapp in doc/CodeDocumentation.dox
    • If new miniapps directory (e.g. miniapps/nurbs), add it to MINIAPP_SUBDIRS in the makefile.
    • If new miniapps directory (e.g. miniapps/nurbs), list it in doc/CodeDocumentation.conf.in
    • Companion pull request for documentation in mfem/web repo:
      • Update or add miniapp-specific documentation, see e.g. the src/meshing.md and src/electromagnetics.md files.
      • Add the description, labels and screenshots in src/examples.md and src/img.
      • The miniapps go at the end of the page, and are usually listed only under a specific "Application (PDE)" category.
      • Add a short description of the miniapp in the "Extensive Examples" section of features.md.
  • New capability:
    • All new public, protected, and private classes, methods, data members, and functions have full Doxygen-style documentation in source comments. Documentation should include descriptions of member data, function arguments and return values, template parameters, and prerequisites for calling new functions.
    • Pointer arguments and return values must specify whether ownership is being transferred or lent with the call.
    • Any new functions should include descriptions of their intended use e.g. for internal use only, user-facing, etc., along with references to example code whenever possible/appropriate.
    • Consider adding new sample runs in existing examples to highlight the new capability.
    • Consider saving cool simulation pictures with the new capability in the Confluence gallery (LLNL only) or submitting them, via pull request, to the gallery section of the mfem/web repo.
    • If this is a major new feature, consider mentioning it in the short summary inside README (rare).
    • List major new classes in doc/CodeDocumentation.dox (rare).
  • Update this checklist, if the new pull request affects it.
  • Run make unittest to make sure all unit tests pass.
  • Run the tests in tests/scripts.
  • (LLNL only) After merging:
    • Update internal tests to include the new features.

@tzanio tzanio changed the title Create codeql-analysis.yml Replace LGTM static analysis with GitHub code scanning Aug 19, 2022
@tzanio tzanio requested review from pazner and v-dobrev August 20, 2022 00:49
@tzanio tzanio added this to Review Now in Pull Requests via automation Aug 20, 2022
@tzanio tzanio added this to the mfem-5.0 milestone Aug 20, 2022
@tzanio
Member Author

tzanio commented Aug 20, 2022

@pazner and @v-dobrev, this is ready-for-review now

I'm taking this back -- there are still issues :(

@tzanio
Member Author

tzanio commented Aug 20, 2022

OK, it should be ready now 😄

@pazner
Member

pazner commented Aug 22, 2022

It looks like the static analysis isn't showing any alerts (we have fixed all the warnings?). Are the alerts configurable/are they set to the same settings as LGTM? It would be good to see what the alerts would look like and to make sure we aren't getting false negatives.

@v-dobrev
Member

This PR is now under review (see the table in the PR description). To help with the review process, please do not force push to the branch.

pazner referenced this pull request in mfem/github-actions Aug 22, 2022
@v-dobrev
Member

A windows job failed again ... restarted ...

@pazner
Member

pazner commented Aug 23, 2022

I managed to trigger the static analysis warning in #3168, this is what it looks like:

image

@v-dobrev
Member

v-dobrev commented Aug 23, 2022

@pazner, it looks like the code scanning did not catch the memory leak you added in AdamsMoultonSolver::~AdamsMoultonSolver() -- was this the same leak as the one that LGTM.com caught previously?

Edit: I now see that you also added a leak in ExplicitRKSolver::~ExplicitRKSolver() which was not caught either.

@pazner
Member

pazner commented Aug 23, 2022

Yes, I actually added two intentional leaks, one is exactly the same as the LGTM one, as well as a new one. It didn't complain about either one of them. I don't know if this can be changed with configuration/additional checks.

@v-dobrev
Member

Merged in next for testing...

@tzanio
Member Author

tzanio commented Aug 23, 2022

I changed the settings in https://github.com/mfem/mfem/settings/security_analysis to the max levels. I am not aware of any additional settings at GitHub.

Screen Shot 2022-08-23 at 3 12 51 PM
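
On the configurability question raised in this thread: separately from the repository settings page, the CodeQL action's `init` step takes a `queries` input that selects a broader built-in query suite than the security-focused default. A workflow sketch, added here as an example and not the workflow file from this PR; the workflow name, job name and triggers are assumptions, and the thread does not establish whether the broader suite reports the two destructor leaks.

```yaml
# .github/workflows/codeql-analysis.yml
# (file name assumed from this PR's original title; contents are illustrative)
name: codeql-analysis   # assumed name
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

permissions:
  contents: read
  security-events: write   # required to upload results to code scanning

jobs:
  analyze:                 # assumed job name
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: cpp
          # No `queries` key: the default security suite only.
          # security-extended: adds lower-precision security queries.
          # security-and-quality: security-extended plus maintainability
          # and reliability queries.
          queries: security-and-quality
      # Compiled languages must be built while CodeQL observes the compiler;
      # autobuild is used here in place of the project's own build commands.
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:cpp"
```

Checking for false negatives works the same way as in #3168: run the workflow on a branch with a seeded defect and confirm whether an alert appears.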

@v-dobrev v-dobrev merged commit 687f20e into master Aug 23, 2022
Pull Requests automation moved this from Review Now to Merged Aug 23, 2022
@v-dobrev v-dobrev deleted the lgtm-to-codeql branch August 23, 2022 22:28