ci: add CodeQL security scanning

[smorimoto]

As the title says.

Checklist

• npm test passes
• tests are included
• documentation is changed or added
• contribution guidelines followed
  here

[codecov-io]

Codecov Report

Merging #844 (222bcdb) into main (e1716d6) will increase coverage by 0.00%.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #844   +/-   ##
=======================================
  Coverage   96.12%   96.12%           
=======================================
  Files          31       31           
  Lines         929      930    +1     
=======================================
+ Hits          893      894    +1     
  Misses         36       36           

Impacted Files	Coverage Δ
lib/grab-project.js	92.00% <0.00%> (+0.16%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e1716d6...222bcdb. Read the comment docs.

[targos]

It is not clear to me what CodeQL scanning can do for CITGM.

[smorimoto]

@targos Well, it used to be known as LGTM, but now it's part of GitHub and continues to improve in open place.

[MylesBorins]

Hey all, I made a boo boo on main and had to force push. I've rebased this branch and force pushed to make sure that you don't have to do extra work because of my mistake

[smorimoto]

There is no problem at all.