Danijel Martinek
63b3cb0c10
Adds CodeQL static analysis on push to main, pull_request, and weekly on Wednesday 02:00 UTC (staggered from trace-revalidation Monday cron). Uses the default security-and-quality query suite. Includes a consumer note that private repos require GitHub Advanced Security.