PYTHON-5062 Add GitHub Actions CodeQL scanning (#40)

Author: blink1073

.github/workflows/codeql.yml

@@ -26,7 +26,7 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
+    name: Analyze ${{ matrix.language }}
     runs-on: ubuntu-latest
     timeout-minutes: 360
     permissions:
@@ -36,6 +36,12 @@ jobs:
       packages: read
       actions: read
       contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: python
+        - language: actions
 
     steps:
     - name: Checkout repository
@@ -52,7 +58,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
-        languages: python
+        languages: ${{ matrix.language }}
         build-mode: none
         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         queries: security-extended
@@ -62,10 +68,11 @@ jobs:
             - 'test/**'
 
     - shell: bash
+      if: matrix.language == 'python'
       run: |
         pip install -e .
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with:
-        category: "/language:python"
+        category: "/language:${{ matrix.language }}"