Enable CodeQL on release branches

[davidnguyen-tech]

By default, CodeQL is enabled only on the default branch.

This PR enables CodeQL on release branches by checking if the branch name starts with release/.

Enabling CodeQL this way has been verified to work on a test branch:

https://dev.azure.com/dnceng/internal/_build/results?buildId=2848917&view=logs&j=bb592630-4b9d-53ad-3960-d954a70a95cf&t=140baf9e-5028-5c0c-1412-41cdda4839f3

[Copilot]

Pull request overview

This PR enables CodeQL security scanning on release branches in the Azure Pipelines configuration. CodeQL is typically enabled only on the default branch, but this change conditionally enables it on non-default branches when the source branch starts with release/.

Key Changes:

• Added CodeQL configuration to the SDL section with a conditional check for release branches

---

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[kotlarmilos]

/backport to release/10.0

[github-actions]

Started backporting to release/10.0 (link to workflow run)

[kotlarmilos]

/backport to release/9.0

[github-actions]

Started backporting to release/9.0 (link to workflow run)

[kotlarmilos]

/backport to release/8.0

[github-actions]

Started backporting to release/8.0 (link to workflow run)