Restrict triggers for CodeQL workflow

Analysing all branches on both 'push' and 'pull request' events causes
duplicate analysis. It is only necessary to analyse the _target_
branches of pull requests on push.

Author: tibbes

.github/workflows/codeql-analysis.yml

@@ -2,7 +2,13 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches:
+      - main
+      - 'rc/*'
   pull_request:
+    branches:
+      - main
+      - 'rc/*'
   schedule:
     - cron: '0 9 * * 1'