🔒️ Adds codeql-analysis cron job

[pcrespov]

What do these changes do?

• Activates cron job that analyzes repo code for vulnerabilities (every monday at 5:26am)
• Fixes two clear-text logging of sensitive info
  • NOTE: as a good practice always use SecretStr in pydantic models for objects that are logged

More details:

• codeQL
• GH-Action
• LGTM
• codeql-config

To see some of the job runs, check the "Actions" tab and select CodeQL workflow

Related issue/s

• M1–9 Cybersecurity and privacy osparc-issues#509

Checklist

• scan only src/ folders
• leave only cron-job and disable push+pull-request
• analyze code and apply fixes
• Openapi changes? make openapi-specs, git commit ... and then make version-*)
• Database migration script? cd packages/postgres-database, make setup-commit, sc-pg review -m "my changes"
• Unit tests for the changes exist
• Runs in the swarm
• Documentation reflects the changes
• New module? Add your github username to .github/CODEOWNERS

[codecov]

Codecov Report

Merging #2826 (21e5339) into master (64f0631) will increase coverage by 3.2%.
The diff coverage is 100.0%.

@@           Coverage Diff            @@
##           master   #2826     +/-   ##
========================================
+ Coverage    76.0%   79.2%   +3.2%     
========================================
  Files         675     675             
  Lines       27642   27640      -2     
  Branches     3221    3221             
========================================
+ Hits        21017   21912    +895     
+ Misses       5935    4979    -956     
- Partials      690     749     +59     

Flag	Coverage Δ
integrationtests	65.6% <100.0%> (+24.8%)	⬆️
unittests	74.8% <50.0%> (-0.1%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...mcore_service_datcore_adapter/modules/pennsieve.py	90.9% <ø> (-0.1%)	⬇️
...tor_v2/modules/dynamic_sidecar/scheduler/events.py	94.8% <ø> (+56.2%)	⬆️
...es/dynamic_sidecar/docker_service_specs/sidecar.py	82.9% <100.0%> (+14.6%)	⬆️
.../simcore_service_catalog/db/repositories/groups.py	70.2% <0.0%> (-2.8%)	⬇️
.../simcore_service_catalog/services/access_rights.py	78.7% <0.0%> (-2.5%)	⬇️
...ore_service_director_v2/utils/dask_client_utils.py	73.4% <0.0%> (-1.3%)	⬇️
...c/simcore_service_catalog/core/background_tasks.py	67.3% <0.0%> (-1.1%)	⬇️
.../director/src/simcore_service_director/producer.py	62.1% <0.0%> (-0.7%)	⬇️
.../simcore_service_webserver/projects/projects_db.py	93.8% <0.0%> (+0.2%)	⬆️
...re_service_webserver/projects/projects_handlers.py	81.1% <0.0%> (+0.3%)	⬆️
... and 50 more

[mguidon]

So what are we scanning for by default?

[pcrespov]

Check the links above RT... :-) ... but basically thinks like plotting sensitive info (e.g. he was able to trace in the code and detect that a password was printed in the logs ... was quite impressive BTW)

[mguidon]

Very nice tool!