Add local CodeQL analysis targets to Makefile (#209)

Author: lavr

.gitignore

@@ -42,3 +42,7 @@ venv/
 
 docs/plans/
 .claude/*local*
+
+# CodeQL
+.codeql-db
+codeql-results.sarif

Makefile

@@ -11,3 +11,19 @@ test:
 
 pypi:
 	python setup.py sdist bdist_wheel upload
+
+CODEQL_DB = .codeql-db
+CODEQL_PYTHON = .venv/bin/python
+
+codeql-db:
+	rm -rf $(CODEQL_DB)
+	codeql database create $(CODEQL_DB) --language=python --source-root=. \
+		--extractor-option=python.python_executable=$(CODEQL_PYTHON)
+
+codeql-analyze: codeql-db
+	codeql pack download codeql/python-queries
+	codeql database analyze $(CODEQL_DB) codeql/python-queries \
+		--format=sarif-latest --output=codeql-results.sarif
+
+codeql-clean:
+	rm -rf $(CODEQL_DB) codeql-results.sarif