Onboard repo to Secure Development Tools Azure DevOps

[TinaMor]

PR Description

This PR onboards this repo to Secure Development Tools used for running of security and compliance static analysis tools. It adds a YAML file that will be used to create an Azure DevOps pipeline. This pipeline will be triggered by PRs created against the main branch.

Reference

1. CodeQL (previously Semmle)

   • CodeQL Portal
   • CodeQL for YAML-based Azure Pipelines
   • CodeQL Build Task
   • Recommended hardware resources for running CodeQL

2. CodeInspector

   • CodeInspector Build Task

3. Publish Security Analysis Logs

   • Publish Security Analysis Logs Build Task

Sample Run

[profnandaa]

wondering if this should be added as part of the /azure-pipelines.yml instead?

Approving; as you've explained about decoupling the pipeline since it takes a little longer that the current one.