Switch CodeQL from default setup to advanced setup for PR analysis

## Problem

CodeQL in default setup (dynamic workflow) only runs on `push` and `schedule` events. It does not run on `pull_request`, so external fork PRs are never analyzed before merge.

## Solution

Replace the default setup with a custom `.github/workflows/codeql.yml` that triggers on both `push` and `pull_request`. This enables maintainer approval for fork PR workflow runs via Actions settings.

## References

- https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Switch CodeQL from default setup to advanced setup for PR analysis #65

Problem

Solution

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Switch CodeQL from default setup to advanced setup for PR analysis #65

Description

Problem

Solution

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions