gh: Add the codeql-runs-on input to codeql workflows

[azazeal]

This PR adds a codeql-runs-on input to codeql-analysis.yml, goCI.yml, and code-scan.yml so callers can pick a larger runner for CodeQL without forking these workflows.

The default is ubuntu-latest, so existing callers see no behavior change. The input keeps the codeql- prefix used by the other CodeQL inputs (codeql-build-cmd, codeql-build-mode, codeql-make-bootstrap); it's mapped to the job's unprefixed runs-on only at the codeql-analysis.yml layer.

[Copilot]

Pull request overview

This PR adds a configurable codeql-runs-on input to the repository’s reusable CodeQL workflows so callers can choose a different GitHub Actions runner label (e.g., a larger runner) without forking. The default remains ubuntu-latest, so existing callers should see no behavior change.

Changes:

• Add a codeql-runs-on workflow input (default ubuntu-latest) to relevant reusable workflows.
• Wire the new input through wrapper workflows (goCI.yml, code-scan.yml) into the underlying codeql-analysis.yml.
• Update codeql-analysis.yml to use the input to drive the job’s runs-on.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
.github/workflows/goCI.yml	Adds codeql-runs-on input and forwards it to the called codeql-analysis.yml workflow.
.github/workflows/codeql-analysis.yml	Introduces codeql-runs-on input and uses it as the job runs-on value.
.github/workflows/code-scan.yml	Adds codeql-runs-on input and forwards it to codeql-analysis.yml.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.