Introduce Github CodeQL

[skonefal]

No description provided.

[cursor]

PR Summary

Low Risk
Low risk: adds a new GitHub Actions workflow for CodeQL scanning without changing application/runtime code; primary impact is CI time and potential new alerts/failures from security scanning.

Overview
Adds a new .github/workflows/codeql.yml GitHub Actions workflow to run CodeQL Advanced scanning for go on pushes to master and on a weekly cron schedule.

The workflow checks out the repo, initializes CodeQL with autobuild, and uploads analysis results via github/codeql-action/analyze with the required security-events permissions.

^{Reviewed by Cursor Bugbot for commit b3d43cf. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Missing pull_request trigger
  • Added a CodeQL pull_request trigger for the master branch so PRs are scanned before merge.

Or push these changes by commenting:

@cursor push ab531b0acc

Preview (ab531b0acc)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,6 +14,8 @@
 on:
   push:
     branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
   schedule:
     - cron: '26 19 * * 0'

_{You can send follow-ups to the cloud agent here.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit b3d43cf. Configure here.}