QL: detect unqueryable code
Similar to ql/dead-code, but does not consider public APIs as live.
That means any code that doesn't affect any (known) query is flagged.
The query is therefore good at detecting untested code or code that could be deprecated (:eyes: Python).
Shared files where not all languages use all the features have a tendency to be flagged, so a bunch of those have been manually excluded.
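To make the "live only if a query reaches it" idea concrete, here is an added Python model of the two reachability rules, written for this page and not taken from the PR's QL code. The call graph, the query set, the public-API set and the exclusion list are all constructed sample data; `dead_code` mimics the ql/dead-code rule (public predicates count as roots), while `unqueryable_code` only seeds from queries and honours a manual exclusion set for shared files.

```python
"""Toy model of 'unqueryable code' detection.

A predicate is live only if some query transitively calls it. Public API
predicates are NOT treated as roots, which is what distinguishes this check
from a plain dead-code check. Added illustration; not the PR's QL query.
"""
from collections import deque

# Constructed sample call graph: predicate -> predicates it calls.
CALLS = {
    "Query.ql#select": {"TaintTracking::flows", "Util::helper"},
    "TaintTracking::flows": {"DataFlow::step"},
    "DataFlow::step": set(),
    "Util::helper": set(),
    "Util::publicUnused": {"Util::privateUnused"},   # public, but no query uses it
    "Util::privateUnused": set(),
    "Internal::leftover": set(),                     # reached by nothing at all
    "Shared::multiLangFeature": set(),               # only used by another language's queries
}
QUERIES = {"Query.ql#select"}                        # constructed: the known query entry points
PUBLIC = {"TaintTracking::flows", "Util::helper", "Util::publicUnused"}
EXCLUDED = {"Shared::multiLangFeature"}              # manual exclusion, as the PR does for shared files


def reachable(calls, roots):
    """Breadth-first closure of the call graph starting from `roots`."""
    seen = set(roots)
    queue = deque(roots)
    while queue:
        current = queue.popleft()
        for callee in calls.get(current, ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def dead_code(calls, queries, public):
    """ql/dead-code style: anything a query OR a public predicate reaches is live."""
    return set(calls) - reachable(calls, queries | public)


def unqueryable_code(calls, queries, excluded=frozenset()):
    """Stricter rule: only code some known query reaches is live.

    Predicates in `excluded` are dropped from the results rather than from the
    graph, so they still keep their own callees alive if a query reaches them.
    """
    return (set(calls) - reachable(calls, queries)) - set(excluded)


if __name__ == "__main__":
    print("dead (public counts as live):", sorted(dead_code(CALLS, QUERIES, PUBLIC)))
    print("unqueryable (queries only):  ", sorted(unqueryable_code(CALLS, QUERIES, EXCLUDED)))
```

Run it and the difference between the two rules shows up directly: `Util::publicUnused` survives the dead-code check because it is public, but is flagged as unqueryable because no query reaches it, and its private callee is flagged with it.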
There is a whole bunch of existing alerts where unused code exists for completeness, or where the code is only used by queries outside of the github/codeql repo.
So even though there are plenty of results, most of the results should not be fixed.
I still think it's a nice query to have, as it has found some obvious bugs in e.g. JS and GO (see the PRs below).
PRs from this query:
- Python: https://github.com/github/codeql/pull/10317
- JS: https://github.com/github/codeql/pull/8422
- Go: https://github.com/github/codeql/pull/10475
- Ruby: https://github.com/github/codeql/pull/10476
- Java: https://github.com/github/codeql/pull/10486
- C: https://github.com/github/codeql/pull/10573
- C#: https://github.com/github/codeql/pull/10584
I reverted the DataFlowUtil.qll deprecations, and deleted some stuff in various /internal/ folders (where it doesn't seem to be exposed elsewhere).
~~And there's a reason I've set the @problem.severity recommendation, because there's plenty of code that is intentionally unqueryable. But I think it's good to be aware of it.~~