codeql-action
Re-enable passing the codescanning config file to the CLI
This PR un-reverts #1018
Additionally, it adds the fix for adding queries and packs from the actions input into the codescanning config file before it is sent to the CLI.
When the `+` is used, the actions input value is combined with the config value and when it is not used, the input value overrides the config value.
This commit also adds a bunch of integration tests for this feature. In order to avoid adding too many new jobs, all of the tests are run sequentially in a single job (matrixed across relevant operating systems and OSes).
Recommended to look at the commits individually. The first commit is the un-revert. The second commit is the new work.
This change is currently hidden behind an environment variable. I will probably convert this into a feature flag before getting external users to try this.
Merge / deployment checklist
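The `+` rule from the description above, as an added TypeScript example; it is not code from this PR or from codeql-action. The `ScanConfig` shape, the function names and the sample values are assumptions made for illustration (packs are simplified to a flat list). It shows that an input without `+` replaces whatever the config file listed, which is the case to check when a workflow input is meant to add queries rather than drop the configured ones.

```typescript
// Added illustration; shapes and names are assumptions, not codeql-action's code.
interface ScanConfig {
  queries?: { uses: string }[];
  packs?: string[];
  [key: string]: unknown;
}

// Split a comma-separated Actions input and report whether it began with "+".
function parseInput(raw: string | undefined): { combine: boolean; items: string[] } | undefined {
  const trimmed = (raw ?? "").trim();
  if (trimmed === "") return undefined; // input not set: config stays as written
  const combine = trimmed.startsWith("+");
  const items = (combine ? trimmed.slice(1) : trimmed)
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
  return { combine, items };
}

// Return a copy of the config with the queries/packs inputs applied.
function applyInputs(config: ScanConfig, queriesInput?: string, packsInput?: string): ScanConfig {
  const out: ScanConfig = { ...config };
  const q = parseInput(queriesInput);
  if (q) {
    const fromInput = q.items.map((uses) => ({ uses }));
    // "+" combines with the config value; no "+" overrides it.
    out.queries = q.combine ? [...(config.queries ?? []), ...fromInput] : fromInput;
  }
  const p = parseInput(packsInput);
  if (p) {
    out.packs = p.combine ? [...(config.packs ?? []), ...p.items] : p.items;
  }
  return out;
}

// Constructed sample config and inputs.
const sampleConfig: ScanConfig = {
  queries: [{ uses: "security-extended" }],
  packs: ["example-org/example-pack"],
};
const combined = applyInputs(sampleConfig, "+./custom-queries", undefined);
const overridden = applyInputs(sampleConfig, "./custom-queries", "+example-org/other-pack");
console.log(JSON.stringify(combined));   // config queries kept, input appended
console.log(JSON.stringify(overridden)); // config queries replaced, packs appended
```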
@edoardopirovano since you have experience with this part of the code, can you do a review?
Yes, I'll aim to take a look tomorrow.
Hmmm...the job is failing now because latest-nightly is still 2.10.0 and the feature is not being used. I think I need to hold off on merging until 2.10.1 is available as the latest nightly.
`Code-Scanning config CLI tests / Code Scanning Configuration tests (ubuntu-latest, cached)` failing because "cached" is still 2.10.0. Need to wait for 2.10.1.
Thanks for the review. We are one step closer to removing this technical debt.