Configure GitHub code scanning via CodeQL and OSSAR

Created by: ElizabethStirling

In order to accomplish our goals of increasing visibility, we want to set up some static analysis tools.

It looks as though we already have CodeQL partially configured, but it was configured with master, not main. https://github.com/sourcegraph/sourcegraph/pull/14186