chore(ci): move CodeQL to advanced mode via dedicated workflow

[eranhirsch]

This is required by the openssf scorecard to validate that static analysis (CodeQL) is run on every commit pushed to main, whereas the default CodeQL config might chose to skip running it.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[netlify]

✅ Deploy Preview for trusting-lumiere-9c7fad ready!

Name	Link
🔨 Latest commit	a6b1006
🔍 Latest deploy log	https://app.netlify.com/projects/trusting-lumiere-9c7fad/deploys/6989fe5d45b29e00088425cc
😎 Deploy Preview	https://deploy-preview-1286--trusting-lumiere-9c7fad.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (49b40aa) to head (a6b1006).
⚠️ Report is 10 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main     #1286   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          174       174           
  Lines         1622      1622           
  Branches       392       392           
=========================================
  Hits          1622      1622           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pkg-pr-new]

• @remeda/stackblitz-template

  npm i https://pkg.pr.new/remeda@1286
  

commit: a6b1006

[Copilot]

Pull request overview

Adds a dedicated “CodeQL Advanced” GitHub Actions workflow to ensure CodeQL static analysis runs on every push to main (and also on PRs), aligning with OpenSSF Scorecard expectations.

Changes:

• Introduces a new CodeQL Advanced workflow triggered on push to main and pull_request.
• Runs CodeQL analysis via a language matrix (actions, javascript-typescript) using the security-and-quality query suite.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🎉 This PR is included in version 2.33.7 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀