Run CodeQL for GitHub Actions & improve workflows

[Marcono1234]

CodeQL support for GitHub Actions is now generally available, see changelog.

This pull request enables scanning of GitHub Actions and improves some of the other workflows. The CIFuzz workflow has been adjusted based on
https://github.com/google/oss-fuzz/blob/cafd7a0eb8ecb4e007c56897996a9b65c49c972f/docs/getting-started/continuous_integration.md, to also upload SARIF results (I don't know exactly how the results, if any, will be shown in the GitHub UI though).

Notes:

• The CodeQL workflow still uses queries: +security-and-quality, which runs additional queries which are not run by default (see documentation)
  If that causes too many irrelevant alerts, we could consider changing it (either for actions only, or also for java).
• An alternative to this CodeQL setup with a dedicated workflow would be default setup
  In that case the codeql-analysis.yml workflow has to be removed and CodeQL scanning has to be enabled in the repository settings.
  However, 'default setup' seems to use build mode 'none' for Java, and that might not be as accurate, for example because we have the GsonBuildConfig.java class which is processed during build.
  So maybe for now keeping the 'advanced setup' (with explicit workflow) is better?

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.