Added CodeQL scan and Clang Static Analyzer to workflows

[aido]

Hi,

The issues discussed in #18, #19, #20 and #21 were discovered by using CodeQL security scanning and the Clang Static Analyzer. This PR adds two workflows to automatically perform CodeQL and Clang Static Analyzer scans on bc-sskr.

CodeQL security scan results can be seen in the "Security" tab of the this repo.

If this PR is of any use then similar can be done for bc-shamir.

Note: This PR does not make any changes to code.

In future I may look to outputing the Clang Static Analyzer ourput in SARIF format and uploading to GitHub:
See here: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github

Then all analyzer output can be viewed and managed in one place on the Security page of the repo.

[aido]

Hi,

While testing this PR static analysis has thrown up a few more possible security issues which you may be interested in. Most if not all are probably not that worrisome. If you would like to view these issues go to https://github.com/aido/bc-sskr/security/code-scanning and select the actions branch.
Several concern the use of memcpy which apparently is not as secure as memcpy_s.