This commit switches to the bleeding edge, main branch of the
codeql action. This helps us test the action before merging all
of the new changes into main, which occurs roughly once a week.
If there are commits that introduce bugs in codeql-action, then
we will be more likely to catch it before releasing to the world
if we are using it in this extension.
Analysing all branches on both 'push' and 'pull request' events causes
duplicate analysis. It is only necessary to analyse the _target_
branches of pull requests on push.
Bring the CodeQL workflow up to date with the latest recommended
configuration, which analyses the merge commit of pull requests (not the
head of the PR branch).
