Add analysis workflows for SonarQube and CodeQL

[peternied]

Description

This repo has an asynchronous process where SonarQube rules are run several hours after code has merged. This creates a life-cycle where code is reviewed approved and merged and then needs to be updated in a second PR.

This change introduces two new workflows to minimize the after-work required for changes in this repo, by running CodeQL which is built into GitHub for security risk detection and SonarQube with its set of issues based on security issues, code smells, and bug detectors.

These new workflows are being added without any fixes or adjustments to the codebase to be handled in an ongoing basis.

Issues Resolved

• SonarQube integration https://opensearch.atlassian.net/browse/MIGRATIONS-1803

Testing

See failed workflow step and annotations on the pull request.

Check List

• [X] New functionality includes testing
  • [ ] All tests pass, including unit test, integration test and doctest
• [ ] New functionality has been documented
• [X] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-advanced-security[bot]]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 80.76%. Comparing base (d5b401c) to head (e5d47ee).

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1158 +/- ## ========================================= Coverage 80.76% 80.76% Complexity 2948 2948 ========================================= Files 400 400 Lines 15104 15104 Branches 1021 1021 ========================================= Hits 12199 12199 Misses 2288 2288 Partials 617 617 ``` | [Flag](https://app.codecov.io/gh/opensearch-project/opensearch-migrations/pull/1158/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/opensearch-project/opensearch-migrations/pull/1158/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | `80.76% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles