Add CodeQL (SAST) scan and Dependency Review (SCA) scan to CI pipeline

https://trello.com/c/gbGaKLLu/3352-add-sca-and-sast-scans-to-all-govuk-repos-2

.github/workflows/ci.yml

@@ -10,6 +10,16 @@ on:
   workflow_dispatch:
 
 jobs:
+  codeql-sast:
+    name: CodeQL SAST scan
+    uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main
+    permissions:
+      security-events: write
+
+  dependency-review:
+    name: Dependency Review scan
+    uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main
+
   test:
     name: Test Go
     runs-on: ubuntu-latest