codeql-action

`CodeQL` default configuration for external-based forks

Open pcaversaccio opened this issue 1 year ago • 2 comments

As recommended, I use the default setup for CodeQL. I also require the CI scans in my protected branches. However, whenever there is an external-fork-based PR, the scans are not run (= status is never reported). Example:

image

For internal-branch-based PRs it works smoothly, so it seems the default configuration doesn't work for external-fork-based PRs. Any advice on how to make this work without customising the CodeQL action yourself?

pcaversaccio, Feb 13 '24 17:02