limit CodeQL to certain PR events

.github/workflows/codeql.yml

@@ -1,14 +1,22 @@
 name: "CodeQL vulnerability scan"
 
 on:
-  push:
-    branches: [ main, develop ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ main, develop ]
+    # Limit to certain PR event types since this action is slow
+    types: [ready_for_review, review_requested]
+
+  # When changes are pushed to special branches
+  push:
+    branches: [ main, develop ]
+
+  # In case vulnerability checks are updated
   schedule:
     - cron: '27 2 * * 1'
 
+  # Allow manual triggering
+  workflow_dispatch:
+
 env:
   GITHUB_ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}