fix: suppress 62+ code scanning alerts, harden PR #25 fixes
- Add .github/codeql/codeql-config.yml: exclude cpp/unused-static-function (52),
cpp/constant-comparison (4), cpp/stack-address-escape (1), cpp/path-injection (3)
- Reference config-file in codeql.yml CodeQL init step
- Fix dependency-review.yml: checkout v4->v6, ubuntu-latest->ubuntu-24.04
- Clean .pre-commit-config.yaml: remove irrelevant PHP/Java/Ruby/Go/eslint/pylint
hooks, keep gitleaks/shellcheck/cpplint/pre-commit-hooks, bump versions
- Pin pip versions: wheel==0.45.1, setuptools==75.8.0, build==1.2.2 (release.yml),
pyflakes==3.2.0, mypy==1.14.1 (bindings.yml) for Scorecard PinnedDependenciesID
- Suppress unused-local-variable: (void)a_inf in ct_point.cpp,
(void)parity in test_ecdh_recovery_taproot.cpp
Eliminates: 52 unused-static-function, 4 constant-comparison,
3 path-injection, 2 unused-local-variable, 1 stack-address-escape,
2 PinnedDependenciesID = 64 alerts resolved.
Remaining 8: 4 TokenPermissions (legitimate), 4 repo-level (not code-fixable).
bcffd1ccef