chore(ci): Add code scanning & fix dependabot failures

[dpogue]

Platforms affected

all

Motivation and Context

Improve CI.

Description

• Fix errors when dependabot PRs try to run tests in CI
• Add JavaScript code scanning with CodeQL

CodeQL doesn't support Objective C, and I tried enabling the Swift scanning but it caused everything to run so slowly that all the tests timed out. But we don't actually have much Swift code, do I doubt that it worth trying to enable that right now.

Testing

• Ran in CI, tests pass

Checklist

• [x] I've run the tests to see all new and existing tests pass

[github-advanced-security[bot]]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 80.97%. Comparing base (fc0d1a2) to head (87c7757).

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #1505 +/- ## ======================================= Coverage 80.97% 80.97% ======================================= Files 16 16 Lines 1850 1850 ======================================= Hits 1498 1498 Misses 352 352 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles