Introduce Github CodeQL

[skonefal]

No description provided.

[cursor]

PR Summary

Low Risk
Low risk: adds a new GitHub Actions workflow for static analysis only; main impact is potential CI noise/failures if CodeQL finds issues or if workflow permissions/configuration are mis-scoped.

Overview
Introduces a new .github/workflows/codeql.yml GitHub Actions workflow to run CodeQL Advanced scanning for javascript-typescript on pushes to main and on a weekly cron schedule.

The job checks out the repo, initializes CodeQL with build-mode: none, and uploads results via github/codeql-action/analyze, with required security-events (and read-only) permissions configured.

^{Reviewed by Cursor Bugbot for commit efd12cf. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Missing pull request trigger
  • Added a pull_request trigger for main so CodeQL runs on PR updates before merge.

Or push these changes by commenting:

@cursor push 6d26a871bd

Preview (6d26a871bd)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,6 +14,8 @@
 on:
   push:
     branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
   schedule:
     - cron: '41 1 * * 3'

_{You can send follow-ups to the cloud agent here.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit efd12cf. Configure here.}