tools: enable CodeQL config file

A previous change designed to ignore test files in CodeQL scans had
multiple problems. This fixes the CodeQL scan breakage. It adds a
CodeQL config file, which allows us to ignore the test directory
in our scans.

Refs: nodejs#57978 (comment)
Refs: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan
PR-URL: nodejs#58036
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>

Author: Trott

.github/codeql-config.yml

@@ -0,0 +1,4 @@
+name: CodeQL config
+
+paths-ignore:
+  - test

.github/workflows/codeql.yml

@@ -7,9 +7,6 @@ on:
 permissions:
   contents: read
 
-paths-to-ignore:
-  - test
-
 jobs:
   analyze:
     name: Analyze
@@ -33,6 +30,7 @@ jobs:
         uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5  # v3.28.11
         with:
           languages: ${{ matrix.language }}
+          config-file: ./.github/codeql-config.yml
 
       - name: Autobuild
         uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5  # v3.28.11