* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
* optimized the create() method, excludeClass used to get called two times, changed it to one
* fixed the create() method, and added support to disableAnonymousAndLocalClassSerialization
* peek only once
* enable anonymous and local class serialization
* bugfix
* removed the method, will raise it as a separate PR