add codeql workflow

.github/workflows/everything.yml

@@ -425,6 +425,59 @@ jobs:
       - name: Test
         run: /opt/adios2/source/testing/contract/${{ matrix.code }}/test.sh
 
+#######################################
+# Code analysis builds
+#######################################
+
+  analyze:
+    needs: [format, git_checks]
+    name: CodeQL vulnerability scan
+    runs-on: ubuntu-latest
+    container:
+      image: 'ornladios/adios2:ci-spack-el8-gcc8-serial'
+      env:
+        GH_YML_JOBNAME: el8-gcc8-serial
+        GH_YML_BASE_OS: Linux
+        GH_YML_MATRIX_OS: el8
+        GH_YML_MATRIX_COMPILER: gcc8
+        GH_YML_MATRIX_PARALLEL: serial
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        path: gha
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
+        path: source
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+    - name: Setup
+      run: gha/scripts/ci/gh-actions/linux-setup.sh
+    - name: Update
+      run: gha/scripts/ci/gh-actions/run.sh update
+    - name: Configure
+      run: gha/scripts/ci/gh-actions/run.sh configure
+    - name: Build
+      run: gha/scripts/ci/gh-actions/run.sh build
+    - name: Test
+      run: gha/scripts/ci/gh-actions/run.sh test
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
+
 #######################################
 # Workaround for skipping matrix jobs
 #######################################