edx-platform
Add CodeQL linting to PRs
Description
This is just a CI change. We will not block merging on findings for now and intend to just surface things so that PR authors and reviewers can consider addressing them.
I'll add more details about this PR after chatting with a few teams next week
If you're curious about what types of things this would surface to PR authors, check out https://lgtm.com/projects/g/edx/edx-platform/?mode=list or https://lgtm.com/projects/g/edx/edx-platform/?mode=list&tag=security
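For readers who want to see what a non-blocking CodeQL check on pull requests looks like in practice, here is an added example GitHub Actions workflow. It is not the workflow from this PR or from the edx-platform repository; the action names and inputs (actions/checkout, github/codeql-action/init and analyze, the languages, queries and category inputs) are real, while the branch name, cron schedule, language matrix and file placement are assumptions.

```yaml
# Added example, not the PR's own workflow (.github/workflows/codeql.yml is an assumed path).
# Scans pull requests and master with CodeQL and uploads results to code scanning.
# Findings are surfaced as alerts and PR annotations; nothing here fails the job on findings.
name: CodeQL

on:
  pull_request:
    branches: [master]        # assumed default branch name
  push:
    branches: [master]
  schedule:
    - cron: "30 4 * * 1"     # assumed weekly full scan of master, to catch new query releases

permissions:
  contents: read
  security-events: write      # required to upload SARIF results to code scanning

jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false        # let each language finish even if another one errors
      matrix:
        language: [python, javascript]   # assumed: a mostly-Python codebase with some JS
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended     # broader security query pack than the default suite

      - name: Run CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"   # keeps per-language results separate
```

On a pull_request event, the code scanning check compares results against the base branch and annotates only alerts that the PR introduces, while the full alert list for master lives under the repository's Security tab. Whether findings block merging is a separate policy decision: the job above does not fail on alerts, so nothing is blocked unless the check is made a required status check in branch protection and the repository's code scanning settings are configured to fail the check at a chosen alert severity.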
Your PR has finished running tests. There were no failures.
@adzuci is this only going to surface codeql issues on the delta change in the PR?
📣 💥 Heads-up: You must either rebase onto master or merge master into your branch to avoid breaking the build.
We recently removed diff-quality and introduced lint-amnesty. This means that the automated quality check that has run on your branch doesn't work the same way it will on master. If you have introduced any quality failures, they might pass on the PR but then break the build on master.
This branch has been detected to not have commit 2e335653 as an ancestor. Here's how to see for yourself:
git merge-base --is-ancestor 2e335653 adzuci/codeql && echo "You're all set" || echo "Please rebase onto master or merge master to your branch"
If you have any questions, please reach out to the Architecture team (either #edx-shared-architecture on Open edX Slack or #architecture on edX internal).
I'm not sure about the PR reporting, but I'm looking for this view: https://github.com/openedx/edx-notes-api/security/code-scanning?query=is%3Aopen+branch%3Amaster+tool%3ACodeQL
@katebygrace I'm closing this PR, but think it may be worth exploring more in the future.