* Add the Truth dependency
* Port Junit test to Truth in the package `com.google.gson` of the module `gson`
* Replace the `assertThat(e.getMessage()).isEqualTo(...)"` with `assertThat(e).hasMessageThat().isEqualTo(...)`
* Minor fixes
* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
This is done since it is improper to throw a parse exception from serializers. Moreover, the serializers dont deal with external input, they deal with classes, so they need not guard against spurious input.