
[Feature] Adds CodeQL to the SDLC process #10843

Merged (12 commits) Mar 29, 2022

Conversation

ahpaleus
Contributor

@ahpaleus ahpaleus commented Mar 21, 2022

Description

This Pull Request adds CodeQL to the SDLC (as a GitHub Action) of the Snipe-IT project. It helps to discover vulnerabilities in the JavaScript codebase. Also, to show its potential, the pull request contains a small fix that was identified by CodeQL (a ReDoS vulnerability) in the Chart.JS library. The current configuration is to perform analysis on the master branch upon a push. The results are presented in the GitHub Advanced Security code scanning dashboard.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

It was tested on a fork of Snipe-IT (on the master branch).

Checklist:
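A CodeQL workflow of the kind this PR describes, as an added example that is not the PR's own file: the trigger (push to master), the language (JavaScript) and the dashboard upload follow the description above, while the pull_request trigger, the permissions block and the query suite are assumptions added here.

```yaml
# Assumed CodeQL workflow (added illustration, not the workflow from PR #10843).
# Mirrors what the PR describes: JavaScript analysis on every push to master,
# with results uploaded to the code scanning dashboard.
name: CodeQL

on:
  push:
    branches: [master]
  # Assumed addition beyond the PR's stated setup: scanning pull requests too
  # surfaces findings before they land on master.
  pull_request:
    branches: [master]

# Least privilege: the job only needs to read the repository and upload SARIF.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Downloads the CodeQL CLI and builds the database for the listed languages.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
          # Assumed: security-extended runs additional, lower-precision
          # security queries on top of the default suite.
          queries: security-extended

      # JavaScript needs no build step; compiled languages would need an
      # autobuild or explicit build step before analysis.
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:javascript"
```

Findings from the analyze step appear under the repository's Security tab, where each alert can be triaged or dismissed with a recorded reason.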

@ahpaleus ahpaleus requested a review from snipe as a code owner March 21, 2022 09:03
@welcome

welcome bot commented Mar 21, 2022

💖 Thanks for this pull request! 💖

We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already.

Examples of commit messages with semantic prefixes:

  • Fixed #<issue number>: don't overwrite prevent_default if default wasn't prevented
  • Added #<issue number>: add checkout functionality to assets
  • Improved Asset Checkout: use new notification method for checkout

Things that will help get your PR across the finish line:

  • Document any user-facing changes you've made.
  • Include tests when adding/changing behavior.
  • Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

@snipe
Owner

snipe commented Mar 29, 2022

As I mentioned elsewhere, we already do a lot of these scans inside and outside of GitHub. I guess I'll merge this for now, but it doesn't seem needed, since we are already using code quality tooling within the SDLC.

@snipe snipe merged commit 80dff41 into snipe:develop Mar 29, 2022
@welcome

welcome bot commented Mar 29, 2022

Congrats on merging your first pull request! 🎉🎉🎉

@ahpaleus ahpaleus deleted the features/add_codeql_to_sdlc branch December 28, 2022 14:40