Code Scanning API support

[wwong]

Description

Following up on open comments from https://github.com/hub4j/github-api/pull/1142 and https://github.com/cortexapps/github-api/pull/8

I don't currently have access to the security alerts for the example test repo (https://github.com/hub4j-test-org/Pixi), so the response fields might be slightly outdated until I (or someone else) can re-record the wiremock samples.

Start of an (incomplete) implementation for https://github.com/hub4j/github-api/issues/1133 (will add more endpoints in a later PR)

This change adds the read-only calls for the following endpoints, as they were originally implemented in previous PRs:

• List code scanning alerts for a repository
• Get a code scanning alert

Before submitting a PR:

• [x] Changes must not break binary backwards compatibility. If you are unclear on how to make the change you think is needed while maintaining backward compatibility, CONTRIBUTING.md for details.
• [x] Add JavaDocs and other comments explaining the behavior.
• [x] When adding or updating methods that fetch entities, add @link JavaDoc entries to the relevant documentation on https://docs.github.com/en/rest .
• [x] Add tests that cover any added or changed code. This generally requires capturing snapshot test data. See CONTRIBUTING.md for details.
• [x] Run mvn -D enable-ci clean install site locally. If this command doesn't succeed, your change will not pass CI.
• [x] Push your changes to a branch other than main. You will create your PR from that branch.

When creating a PR:

• [ ] Fill in the "Description" above with clear summary of the changes. This includes:
  • [ ] If this PR fixes one or more issues, include "Fixes #" lines for each issue.
  • [ ] Provide links to relevant documentation on https://docs.github.com/en/rest where possible. If not including links, explain why not.
• [ ] All lines of new code should be covered by tests as reported by code coverage. Any lines that are not covered must have PR comments explaining why they cannot be covered. For example, "Reaching this particular exception is hard and is not a particular common scenario."
• [ ] Enable "Allow edits from maintainers".

[wwong]

Hi @bitwiseman, tagging you here because you're the only member of the hub4j org that I can see.

When you get the chance, could you approve the test workflows on this PR? The tests are passing locally, but I want to make sure things are all good in CI before I open up for review. It'd also be great to get access to the security alerts in the hub4j-test-org so that I can refresh the wiremock snapshots. Thanks!

[bitwiseman]

@wwong I'm inviting you to the hub4j-test-org now.

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 78.94737% with 24 lines in your changes missing coverage. Please review.

Project coverage is 81.02%. Comparing base (895ddce) to head (1e9c381). Report is 1 commits behind head on main.

Files	Patch %	Lines
...rg/kohsuke/github/GHCodeScanningAlertInstance.java	52.27%	9 Missing and 12 partials :warning:
...e/github/GHCodeScanningAlertInstancesIterable.java	92.30%	0 Missing and 1 partial :warning:
...g/kohsuke/github/GHCodeScanningAlertsIterable.java	93.33%	0 Missing and 1 partial :warning:
src/main/java/org/kohsuke/github/GHRepository.java	88.88%	1 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1787 +/- ## ============================================ - Coverage 81.05% 81.02% -0.04% - Complexity 2442 2476 +34 ============================================ Files 237 242 +5 Lines 7342 7456 +114 Branches 398 412 +14 ============================================ + Hits 5951 6041 +90 - Misses 1145 1155 +10 - Partials 246 260 +14 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[wwong]

@bitwiseman Thanks! I'll see if I can find some time this weekend to shore up the code coverage and add some more support for the rest of the Code Scanning endpoints.

[bitwiseman]

@wwong If/When you get back to this PR, please pull the changes I've applied and avoid force pushes to make reviewing easier.

[wwong]

Will do, thanks @bitwiseman. Life is a little busy right now, but I hope to get back to this soon, maybe in the next couple weeks.

In the process of integrating these changes in a work project, I also found some areas for improvement in the proposed code scanning interfaces, which I'll also try to incorporate before finalizing the PR.