
Re-enable CodeQL static analysis workflow #27

@joshrotenberg

Description


Problem

The CodeQL workflow was temporarily removed in PR #23 due to persistent extension pack failures. The pr-diff-range extension pack was generating "undefined" values for the restrictAlertsTo predicate, causing analysis to fail.

Error Details

ERROR: In extension for codeql/util:restrictAlertsTo, row X is invalid. 
Found '"undefined", "undefined", "undefined"', which does not match the signature 
'restrictAlertsTo(string filePath, int lineStart, int lineEnd)'.

Attempted Fixes

  1. ✅ Replaced Autobuild with manual cargo build --all-features
  2. ✅ Added explicit queries: +security-and-quality
  3. ✅ Added fetch-depth: 0 for full git history
  4. ❌ None resolved the extension pack issue

Current Status

  • CodeQL workflow removed to unblock CI
  • Other security measures remain: cargo-deny, clippy, tests
  • Need to investigate and re-implement CodeQL analysis

Solution Options

  1. Disable PR filtering entirely - Run CodeQL on full codebase without diff filtering
  2. Use older CodeQL action version - Try version without pr-diff-range extension
  3. Custom CodeQL configuration - Manual setup without problematic extensions
  4. Wait for upstream fix - Monitor GitHub's codeql-action for extension pack fixes

Acceptance Criteria

  • CodeQL analysis runs successfully on PRs and main branch
  • No "undefined" values in restrictAlertsTo predicate
  • Security analysis covers Rust code comprehensively
  • CI pipeline remains fast and reliable

Priority

Medium - Security analysis is valuable but not blocking development
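The workflow below is an added example, not the project's own workflow or anything from PR #23: it collects the three changes listed under "Attempted Fixes" (full-history checkout, an explicit cargo build in place of Autobuild, the +security-and-quality query suite) into one CodeQL workflow that triggers on both pull requests and pushes to main, as the acceptance criteria require. Assumptions: the default branch is named main, the toolchain action (dtolnay/rust-toolchain) and the weekly cron schedule are this example's choices, and build-mode: manual is used to match the manual cargo build; which build modes the Rust extractor accepts in your CodeQL version should be checked against the codeql-action documentation, since a build-mode of none may be what Rust requires.

```yaml
# Added example: a CodeQL workflow for a Rust crate that reflects the
# settings tried in this issue. Not the project's own workflow.
name: CodeQL

on:
  push:
    branches: [main]          # assumption: default branch is "main"
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"       # example choice: weekly run on the full tree

# Least privilege: analyze only needs to upload SARIF results.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze (rust)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0        # full git history, as tried in the issue

      # Example choice of toolchain action; any step that installs cargo works.
      - uses: dtolnay/rust-toolchain@stable

      - uses: github/codeql-action/init@v3
        with:
          languages: rust
          # Assumption: "manual" because the build is run by an explicit step
          # below. Verify against the codeql-action docs whether the Rust
          # extractor in your CodeQL version expects build-mode: none instead.
          build-mode: manual
          # Extended suite, as tried in the issue (adds quality queries to the
          # default security queries).
          queries: +security-and-quality

      # Manual build in place of the Autobuild step, as tried in the issue.
      - run: cargo build --all-features

      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:rust"
```

Once the workflow runs, the check for the acceptance criterion about restrictAlertsTo is to inspect the init and analyze step logs on a pull request run for the "row X is invalid" message quoted under "Error Details"; a push run on main does not go through the PR diff-range path, so it is the pull request run that exercises the failure described in this issue.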

Metadata

Labels: enhancement (New feature or request)