Improve CodeQL reports and alerts

[greenc-FNAL]

Per #123 (comment)

1. CodeQL as currently invoked does not flag in-PR alerts (existing or new).
2. Resolved alerts are not dismissed automatically.
3. PR comments are not as informative and clear as we need them to be.

[greenc-FNAL]

There is a local complication: early runs of CodeQL combined C++, Python, and GitHub Actions checks with the category, "codeql." Later runs were separated into different categories by language. Unfortunately, while it appears that matching (but for category) problems are not flagged on PRs (presumably because they are matched to preexisting main alerts), resolving them in the PR does not cause the alerts to be dismissed when the PR is merged, leading to uncertainty over whether problems remain.

[greenc-FNAL]

This was fixed by a combination of #129 and advice on cleaning up obsolete scanning history provided by a GitHub Support ticket.