Bump github/codeql-action from 3.25.13 to 3.25.15 (#377)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.13 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
-
[Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
-
[Commits](github/codeql-action@2d79040...afb54ba)

---
updated-dependencies:
- dependency-name: github/codeql-action dependency-type:
direct:production update-type: version-update:semver-patch ...

This PR replaces #376 which is not up-to-date and rebase is delayed or
failing. (Dear bots, I'm trying to be nice to the damn bot here, see?)

.github/workflows/codeql.yml

@@ -64,7 +64,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -94,6 +94,6 @@ jobs:
           exit 1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/scorecard.yml

@@ -65,6 +65,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: results.sarif