* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
* Remove UnsafeReflectionAccessor
Revert #1218
Usage of sun.misc.Unsafe to change internal AccessibleObject.override field
to suppress JPMS warnings goes against the intentions of the JPMS and does not
work anymore in newer versions, see #1540.
Therefore remove it and instead create a descriptive exception when making a
member accessible fails. If necessary users can also still use `java` command
line flags to open external modules.
* Fix failing to serialize Collection or Map with inaccessible constructor
Also remove tests which rely on Java implementation details.
* Don't keep reference to access exception of ConstructorConstructor
This also avoids a confusing stack trace, since the previously caught
exception might have had a complete unrelated stack trace.
* Remove Maven toolchain requirement
* Address review feedback
* Add back test for Security Manager
