Fixup CodeQL workflow and configuration

[JonatanAntoni]

No description provided.

[RobertRostohar]

LGTM. Should we merge it regardless of CI failure (config file is added by this PR)?

[JonatanAntoni]

LGTM. Should we merge it regardless of CI failure (config file is added by this PR)?

No, of course not. It's still broken. Sorry for requesting the review ahead of time.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[Copilot]

Pull request overview

This PR updates the component build workflows (USB/Network/FileSystem) to use a shared CodeQL configuration and aligns the workflows’ checkout/build paths so CodeQL can be initialized and analyzed consistently.

Changes:

• Added a repository-wide CodeQL configuration file and wired it into the component build workflows.
• Simplified workflow paths by removing the nested checkout directory usage and updating relative paths accordingly.
• Improved CMSIS pack caching by adding a workflow-scoped cache key and restore prefix, and set CodeQL analysis categories per component.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
.github/workflows/build_usb.yml	Uses repo-root checkout, points CodeQL to the shared config, adjusts caching keying, and sets a USB CodeQL category.
.github/workflows/build_net.yml	Uses repo-root checkout, points CodeQL to the shared config, adjusts caching keying, and sets a Network CodeQL category.
.github/workflows/build_fs.yml	Uses repo-root checkout, points CodeQL to the shared config, adjusts caching keying, and sets a FileSystem CodeQL category.
.github/codeql-config.yml	New shared CodeQL configuration limiting scan scope and filtering out “recommendation” severity results.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[JonatanAntoni]

There seems not to be any config parameter to get rid of this warning:

Cannot build an overlay database because build-mode is set to "manual" instead of "none". Falling back to creating a normal full database instead.```