* fix(ci): consolidate CodeQL workflows with proper permissions
Merge codeql.yml and codeql-analysis.yml into a single workflow.
Add top-level permissions block to fix Checkov CKV2_GHA_1.
Changes:
- Add top-level permissions (actions: read, contents: read)
- Add merge_group trigger
- Enable security-and-quality query suite
- Use javascript-typescript language with build-mode: none
- Remove redundant codeql-analysis.yml
* fix(ci): include all required permissions at job level
Job-level permissions override top-level permissions in GitHub Actions
rather than extending them. Add actions: read and contents: read to
the job-level block so the analyze job retains all required permissions.
