story: add SAST scanning

[tomwillis608]

Describe the User Story

As a security minded engineer, so that the code is more secure, I want to have SAST in a CI workflow

Acceptance Criteria

There is a SAST scanner in the CI workflow for all PRs

Definition of Done

• [ ] Acceptance criteria met
• [ ] Usability tests passed - this user story should be easy to use by real users
• [ ] Code refactored for clarity - code must be clean, self-documenting code
• [ ] Dependency Rule followed - higher-level code should not depend directly on lower-level code
• [ ] Source code merged
• [ ] Unit test coverage of our code > 90%
• [ ] Security reviewed and reported - includes vulnerability and compliance scanning
• [ ] Code quality checks passed
• [ ] Build process updated if needed
• [ ] API documentation updated if needed

Additional Information

No response

Related Feature Request

No response

[tomwillis608]

CodeQL covers neither Bash nor Docker