chore(deps): update github/codeql-action action to v4

Author: renovate[bot]

.github/workflows/codeql.yml

@@ -28,10 +28,10 @@ jobs:
             build-mode: none
     steps:
       - uses: actions/checkout@v5
-      - uses: github/codeql-action/init@v3
+      - uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
           queries: security-and-quality
-      - uses: github/codeql-action/autobuild@v3
-      - uses: github/codeql-action/analyze@v3
+      - uses: github/codeql-action/autobuild@16140ae1a102900babc80a33c44059580f687047 # v4
+      - uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4

.github/workflows/semgrep.yml

@@ -24,7 +24,7 @@ jobs:
       - run: semgrep ci --sarif-output=semgrep.sarif
         env:
           SEMGREP_RULES: p/default p/owasp-top-ten p/cwe-top-25 p/gitleaks p/r2c-security-audit
-      - uses: github/codeql-action/upload-sarif@v3
+      - uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4
         if: always()
         with:
           sarif_file: semgrep.sarif