Configure CodeQL scan

[johnclawson]

@mattbrown-msb

Since this is a public repo GitHub has allowed CodeQL security scans for free. Remind me to sit with you and set up to trial on this if that's ok. It's a quick setup on the Security tab of the repo but we'll have to make sure it's actually working as expected.