build: split codeql runners into sections to try to reduce runtime headaches #8163
Code Review
This pull request introduces three new CodeQL configuration files to partition the repository's analysis paths into autogenerated, handwritten, and repository-specific segments. The review feedback suggests further partitioning the 'packages' directory to effectively utilize parallel runners and avoid timeouts. Additionally, it is recommended to use 'paths-ignore' in the repository configuration to ensure full coverage of root-level files and other directories not explicitly covered by the other configurations.
| paths: | ||
| - 'packages' |
If the packages directory is the primary contributor to the 6-hour runtime, moving it into its own configuration file will not resolve the timeout issue if it is still processed by a single CodeQL runner. To effectively reduce runtime and stay within the 6-hour limit, consider further partitioning the packages directory into multiple configuration files (e.g., by sub-directory ranges) to allow for parallel execution across multiple runners.
| paths: | ||
| - '.github' |
This configuration explicitly lists only the .github directory, which means the repository root (containing files like package.json, tsconfig.json) and any other top-level directories (e.g., samples/, system-test/) are excluded from CodeQL analysis. To ensure full coverage of the repository while splitting the workload, consider using paths-ignore to capture all files not handled by the other runners. This also makes the configuration more resilient to the addition of new top-level directories.
paths-ignore:
- 'packages'
- 'core'
- 'handwritten'
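The coverage concern in the review comment above can be checked mechanically. The following is an added example, not code from this PR or the repository: it reports which top-level entries no config scans and which are scanned by more than one. The config names, the contents of the handwritten config, and the top-level listing are constructed assumptions, and filters are assumed to be plain top-level names without globs.

```python
# Added example: coverage check for split CodeQL configs (not code from this PR).
# Assumption: filters are plain top-level names, no globs; this is not a YAML parser.

def parse_filters(config_text):
    """Read the flat `paths:` / `paths-ignore:` lists from a config file's text."""
    filters = {"paths": [], "paths-ignore": []}
    key = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("-"):
            if key in filters:
                filters[key].append(line[1:].strip().strip("'\""))
        elif line.endswith(":"):
            key = line[:-1]
        else:
            key = None  # scalar setting such as `name: ...`
    return filters

def scans(entry, filters):
    """With `paths` set only those entries are scanned; `paths-ignore` always subtracts."""
    included = not filters["paths"] or entry in filters["paths"]
    return included and entry not in filters["paths-ignore"]

def gaps_and_overlaps(top_level, configs):
    """Return (entries no config scans, entries more than one config scans)."""
    parsed = {name: parse_filters(text) for name, text in configs.items()}
    hits = {e: [n for n, f in parsed.items() if scans(e, f)] for e in top_level}
    gaps = sorted(e for e, names in hits.items() if not names)
    overlaps = sorted(e for e, names in hits.items() if len(names) > 1)
    return gaps, overlaps

# Constructed sample data: hypothetical config names and top-level listing.
TOP_LEVEL = ["packages", "core", "handwritten", ".github",
             "samples", "system-test", "package.json", "tsconfig.json"]
SPLIT = {
    "autogenerated": "paths:\n  - 'packages'\n",
    "handwritten": "paths:\n  - 'core'\n  - 'handwritten'\n",  # assumed contents
    "repo": "paths:\n  - '.github'\n",
}
# Same split, with the repo config switched to the suggested paths-ignore form.
SPLIT_IGNORE = dict(SPLIT, repo="paths-ignore:\n- 'packages'\n- 'core'\n- 'handwritten'\n")

if __name__ == "__main__":
    for label, cfgs in (("paths", SPLIT), ("paths-ignore", SPLIT_IGNORE)):
        print(label, gaps_and_overlaps(TOP_LEVEL, cfgs))
```

In a real checkout the top-level listing would come from the repository root, so a newly added directory shows up as a gap as soon as it exists.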
Continues the work started here: #8110
Currently trying to scan the entire repo in a cron job fails because it takes more than 6 hours.