4417 fix codeql issues (#5793)

* Add release to codeql and queries to match lgtm

* Add lgtm config file

* Custom codeQL config to ignore app.js

* Custom config for lgtm

* Remove query filter for lgtm

* Updated the security test docs

* Remove lgtm.yml and delete app.js references

* Update codeql-config.yml

Co-authored-by: Alize Nguyen <alizenguyen@gmail.com>
Co-authored-by: Andrew Henry <akhenry@gmail.com>

.github/codeql/codeql-config.yml

@@ -0,0 +1 @@
+name: 'Custom CodeQL config'

.github/workflows/codeql-analysis.yml

@@ -1,11 +1,10 @@
-
-name: "CodeQL"
+name: 'CodeQL'
 
 on:
   push:
-    branches: [ master ]
+    branches: [master, 'release/*']
   pull_request:
-    branches: [ master ]
+    branches: [master, 'release/*']
     paths-ignore:
       - '**/*Spec.js'
       - '**/*.md'
@@ -27,17 +26,19 @@ jobs:
       security-events: write
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: javascript
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          config-file: ./.github/codeql/codeql-config.yml
+          languages: javascript
+          queries: security-and-quality
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2