fix: add CodeQL analysis workflow #215

Closed

IronTony wants to merge 2 commits into main from fix/codeql

Conversation

@IronTony (Member)

Related Issue(s)

Addresses CodeQL default setup analysis failures on main branch (Java/Kotlin, Ruby, Swift)

Motivation

The GitHub default CodeQL setup auto-detects all languages in the repository and attempts to analyze them. This causes CI failures because the repo contains minimal native module files (one Kotlin file, one Swift file) with no standalone build systems, and zero Ruby code. Replacing the default setup with a custom workflow scoped to JavaScript/TypeScript resolves these failures.

Description of Changes

Added .github/workflows/codeql.yml with CodeQL analysis targeting only javascript-typescript

How to Test

  1. CI Checks: Verify that all automated tests (Vitest) and build steps pass successfully on this PR.
  2. Post-merge: Confirm the CodeQL workflow runs successfully on main analyzing only JavaScript/TypeScript.
  3. Manual step: After merging, disable the default CodeQL setup in repo Settings > Code security and analysis > Code scanning to prevent duplicate/failing runs.

Checklist

  • My code follows the project's style guidelines
  • I have added or updated tests to cover the changes
  • I have updated relevant documentation
  • All tests are passing locally
  • CI checks are passing
  • I have reviewed my own code and lock file changes
  • I have checked for any potential security implications
  • I have verified the changes work as expected

Notes for Reviewers

After this PR is merged, the default CodeQL setup must be disabled in the repository settings (Settings > Code security and analysis > Code scanning) so that only this custom workflow runs. Otherwise, both will trigger and the default setup will continue to fail on Java/Kotlin, Ruby, and Swift.

- Introduced a new GitHub Actions workflow for CodeQL analysis.
- Configured to run on pushes and pull requests to the main branch, as well as on a scheduled basis.
- Set up to analyze JavaScript and TypeScript code using CodeQL, enhancing code security and quality checks.
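For reference, an added illustrative workflow showing how a CodeQL job scoped to JavaScript/TypeScript can be written. This is not the PR's actual .github/workflows/codeql.yml (its contents are not shown on this page); the cron schedule, action versions and job name are assumptions.

```yaml
# Added illustrative example, not the PR's own workflow file.
# Scopes CodeQL to JavaScript/TypeScript so the lone Kotlin/Swift files
# (no standalone build) and the absent Ruby code are never auto-detected
# and analysed by a failing job.
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "0 6 * * 1"   # assumed: weekly, Monday 06:00 UTC

jobs:
  analyze:
    name: Analyze (javascript-typescript)   # assumed job name
    runs-on: ubuntu-latest
    # Least privilege: only the SARIF upload to code scanning needs write.
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          # Explicit language list replaces default-setup auto-detection.
          languages: javascript-typescript

      # No autobuild step: JavaScript/TypeScript is analysed without a build.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"
```

The explicit `languages:` list is the whole point of the change: nothing outside it is scanned, so the Java/Kotlin, Ruby and Swift failures described in the PR cannot recur from this workflow, but the default setup still has to be switched off in the repository settings as the reviewer note says.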
@IronTony IronTony requested a review from panz3r as a code owner March 17, 2026 08:47
@IronTony IronTony requested review from panz3r and removed request for panz3r March 17, 2026 08:47
@IronTony IronTony closed this Mar 17, 2026
@IronTony IronTony deleted the fix/codeql branch March 17, 2026 12:22