Add CodeQL workflow for GitHub code scanning

[pattivacek]

See advancedtelematic/aktualizr#1830.

[codecov-commenter]

Codecov Report

Merging #95 (a6b5f05) into master (c54afdd) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #95   +/-   ##
=======================================
  Coverage   84.46%   84.46%           
=======================================
  Files         172      172           
  Lines       12284    12284           
=======================================
  Hits        10376    10376           
  Misses       1908     1908           

Impacted Files	Coverage Δ
src/aktualizr_info/main.cc	91.44% <0.00%> (-0.75%)	⬇️
src/libaktualizr/package_manager/ostreemanager.cc	78.37% <0.00%> (-0.34%)	⬇️
src/libaktualizr/storage/sqlstorage_base.cc	76.87% <0.00%> (+0.68%)	⬆️
src/libaktualizr/storage/sqlstorage_base.h	100.00% <0.00%> (+40.00%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[mike-sul]

The CodeQL failures are mostly in the tests/test fixtures. I wonder whether we should fix it or just turn the codeql check for the tests at all.

[cajun-rat]

I like the idea, but I think we should get all the checks green (or disable the troublesome ones) before merging. The error appears to be with setting up the build environment: Could NOT find Boost (missing: Boost_INCLUDE_DIR log_setup log system.

[pattivacek]

The CodeQL failures are mostly in the tests/test fixtures. I wonder whether we should fix it or just turn the codeql check for the tests at all.

Valid question. Typically we've been less strict about the tests, and I'm okay with that continuing to be the case.

I think we should get all the checks green (or disable the troublesome ones) before merging.

100% agree. I haven't had time to really dig into this but I figured putting it up was better than nothing.