* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
* Fix consecutive Maven builds failing without performing `clean`
By default moditect-maven-plugin refuses to overwrite the JAR file it
generated in a previous run.
* Make GitHub Maven build workflow detect Javadoc issues
