Add: enable CodeQL code scanning

As a replacement to the now deprecated LGTM(.com)

.github/codeql/codeql-config.yml

@@ -0,0 +1,10 @@
+name: openttd
+queries:
+- uses: security-and-quality
+query-filters:
+- exclude:
+    id:
+    # Only feasible way is to move away from fopen; fopen_s is optional C11 and not implemented on most platforms.
+    - cpp/world-writable-file-creation
+    # Basically OpenTTD's coding style for adding things like ..._INVALID to enumerations
+    - cpp/irregular-enum-init

.github/workflows/codeql.yml

@@ -0,0 +1,78 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+    - master
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+    - master
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Install dependencies
+      run: |
+        echo "::group::Update apt"
+        sudo apt-get update
+        echo "::endgroup::"
+
+        echo "::group::Install dependencies"
+        sudo apt-get install -y --no-install-recommends \
+          liballegro4-dev \
+          libfontconfig-dev \
+          libicu-dev \
+          liblzma-dev \
+          liblzo2-dev \
+          libsdl2-dev \
+          zlib1g-dev \
+          # EOF
+        echo "::endgroup::"
+      env:
+        DEBIAN_FRONTEND: noninteractive
+
+    - name: Set number of make jobs
+      run: |
+        echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: cpp
+        config-file: ./.github/codeql/codeql-config.yml
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: /language:cpp
+        upload: False
+        output: sarif-results
+
+    - name: Filter out table & generated code
+      uses: advanced-security/filter-sarif@v1
+      with:
+        patterns: |
+          +**/*.*
+          -**/table/*.*
+          -**/generated/**/*.*
+        input: sarif-results/cpp.sarif
+        output: sarif-results/cpp.sarif
+
+    - name: Upload results
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: sarif-results/cpp.sarif