Commit e387ccb

chore(ci): add codeql config [skip ci] (#33849)
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

64 codeql security alarms:
- https://github.com/aws/aws-cdk/security/code-scanning?page=2&query=is%3Aopen+branch%3Amain+%22Incomplete+string+escaping+or+encoding%22

### Description of changes

The security issues mentioned above originate from the dependency package `aws-sdk-js-v3`. The team has confirmed that these are false positive alarms triggered by CodeQL. As a result, we have added a path ignore for the integration test bundled Lambda code to suppress the alarms.

- context: aws/aws-sdk-js-v3#6623 (comment)

### Describe any new or updated permissions being added

### Description of how you validated changes

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 79ff7e9 commit e387ccb

2 files changed

+5
-0
lines changed

.github/codeql/codeql-config.yml

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
# example: https://github.com/github/codeql-action/blob/main/.github/codeql/codeql-config.yml
2+
name: "CodeQL config"
3+
paths-ignore:
4+
- '**/*.snapshot/**/asset*/index.js'
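
Review bot: The glob on new line 4, `'**/*.snapshot/**/asset*/index.js'`, takes every matching bundled `index.js` out of analysis for all queries, not only the "Incomplete string escaping or encoding" alerts that the commit message traces to `aws-sdk-js-v3`, so any other finding in those bundles is hidden too. The only comment in the file is the link to the upstream example config; please add a comment above `paths-ignore:` recording why this path is excluded and referencing aws/aws-sdk-js-v3#6623, so the exclusion can be revisited later.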

.github/workflows/codeql.yml

Lines changed: 1 addition & 0 deletions
@@ -46,6 +46,7 @@ jobs:
4646
with:
4747
languages: ${{ matrix.language }}
4848
build-mode: ${{ matrix.build-mode }}
49+
config-file: ./.github/codeql/codeql-config.yml
4950
# If you wish to specify custom queries, you can do so here or in a config file.
5051
# By default, queries listed here will override any specified in a config file.
5152
# Prefix the list here with "+" to use these queries and those in the config file.
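
Review bot: The added `config-file: ./.github/codeql/codeql-config.yml` at new line 49 is a repository-relative path, so it only resolves if the repository is checked out before this step; the visible context does not show that, so please confirm the checkout step precedes it. The commit is tagged `[skip ci]` and the "Description of how you validated changes" section is empty, so also state how it was verified that the config file is picked up and that the 64 alerts close.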
