Move CodeQL analysis to dedicated workflow

Extracted the CodeQL security analysis job from test.yml into a new codeql-analysis.yml workflow file for better separation of concerns and maintainability.

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,38 @@
+name: "CodeQL Security Analysis"
+
+on:
+  push:
+    branches: [ "master", "try/codeql" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    # 每周一凌晨 2 点运行（可选）
+    - cron: '0 2 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze JavaScript/TypeScript
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: javascript-typescript
+          # Use custom CodeQL configuration with Electron-specific queries
+          config-file: ./.github/codeql/codeql-config.yml
+          # Add custom queries directory
+          queries: ./.github/codeql
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:javascript-typescript"
+          # 结果会自动上传到 Security > Code scanning alerts

.github/workflows/test.yml

@@ -59,28 +59,3 @@ jobs:
             userData-test/settings/
           retention-days: 7
         continue-on-error: true
-
-  codeql:
-    name: CodeQL Analysis
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: javascript-typescript
-          # Use custom CodeQL configuration with Electron-specific queries
-          config-file: ./.github/codeql/codeql-config.yml
-          # Add custom queries directory
-          queries: ./.github/codeql
-          
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:javascript-typescript"