Missing CodeQL scans

[mthalman]

There have been no recent CodeQL scans for the dotnet/source-build-external repo's CI pipeline. This causes S360 violations as there need to be regular pipeline runs to produce new CodeQL scan updates.

This is due to the fact that the SBE repo is no longer active from its main branch. To resolve this, CodeQL should be targeting an active branch like release/9.0.

[MichaelSimons]

[Triage] To fix this, the default branch needs to be changed in AzDO.

[NikolaMilosavljevic]

I don't think updating the default branch will help much. Most recent change in release/9.0 was back in April. I will update the branch for pipeline YML so it is picked up from release/9.0.

I think we also need to have regular scheduled builds, i.e. once a week. Here's the current pipeline YML: https://github.com/dotnet/source-build-externals/blob/0c12d76f2547438f622acab7b496882acc24591b/.vsts.pipelines/builds/ci.yml#L1C1-L17C13

@mthalman @MichaelSimons @marcpopMSFT