chore(ci): update and pin CodeQL action to v4.31.10

Update CodeQL action from unpinned @V3 to pinned version 4.31.10
(commit SHA: cdefb33c0f6224e58673d9004f47f7cb3e328b89).

Changes:
- github/codeql-action/init: v3 → v4.31.10 (pinned)
- github/codeql-action/autobuild: v3 → v4.31.10 (pinned)
- github/codeql-action/analyze: v3 → v4.31.10 (pinned)

Benefits:
- Security: Pinning to SHA ensures immutable action version
- Latest features: CodeQL bundle updated to 2.23.9
- Transparency: Version tag in comments for readability

Released: January 12, 2026
Changelog: https://github.com/github/codeql-action/blob/main/CHANGELOG.md

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: dmihalcik-virtru

.github/workflows/codeql.yaml

@@ -27,17 +27,17 @@ jobs:
       uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
 
     - name: Initialize the CodeQL tools for scanning
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
       with:
         languages: ${{ matrix.language }}
       timeout-minutes: 5
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
       timeout-minutes: 10
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
       with:
         category: "/language:${{matrix.language}}"
       timeout-minutes: 10