Add root-level CodeQL.yml file to configure file classification for security scanning

[Copilot]

Summary

This PR adds a root-level CodeQL.yml file to configure file classification and exclusions for CodeQL security scanning. The configuration classifies build artifacts as generated code to exclude them from security alerts while explicitly marking source code directories.

Changes

• Added CodeQL.yml at repository root with path classifiers:
  • Classifies build/ and dist/ folders as generated code to exclude from security alerts
  • Classifies src/ as code for clarity

Configuration Details

The new file uses CodeQL's path_classifiers feature:

path_classifiers:
  generated:
    - build/
    - dist/
  code:
    - src/

Benefits

• Reduces noise: Generated code in build/ and dist/ directories won't trigger security alerts
• Focused scanning: Security analysis focuses on actual source code in src/
• Complements existing config: Works alongside the existing .github/codeql/codeql-config.yml configuration

Validation

• ✅ YAML syntax validated
• ✅ All referenced directories exist in repository
• ✅ File placed at exact location with case-sensitive naming (CodeQL.yml)
• ✅ Content matches specification requirements

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• http://168.63.129.16:80/machine/
  • Triggering command: /usr/bin/python3 -u bin/WALinuxAgent-2.13.1.1-py3.9.egg -collect-logs (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.