Also bind it to concrete v4 release

Development branch.

Added Updates and Automation

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

…_actions/main/github/codeql-action-3

Back port to development

Update README.md with config for fixed version

Updated README.md

Release v2.1

Reduce threshold to low in example to improve default.

# Pull useful improvements from community

## Pull new configuration input feature from related work in community

* Incorporate the feature to optionally include a `config_path` input to
allow further configuration of `bandit`

## Partial version bumps for action dependancies

* Updating to `github/code-action/upload-sarif@v3` presents no
significant changes since `v2` besides the underlying node version.
Details in [relevant project
README](https://github.com/github/codeql-action?tab=readme-ov-file#supported-versions-of-the-codeql-action)

* Updating to `actions/upload-artifact@v4` brings significant changes we
should be aware of. The maintainers have noted that version 4 introduces
breaking changes:

* **GitHub Enterprise Server (GHES) Compatibility**: Support for GHES
versions prior to 3.5 has been discontinued. If you're using an older
GHES version, this update might not be compatible.
* **Default Behavior Adjustments**: There may be changes to default
configurations, such as the default value for retention-days. Deprecated
inputs or features might have been removed as well.

For a comprehensive understanding of these impacts and to ensure
seamless integration, please review the maintainers' notes in the
[upload-artifact project
README](https://github.com/actions/upload-artifact#actionsupload-artifact)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Introduced an optional `config_path` parameter for the Bandit Scan
action, allowing users to specify a configuration file for command line
arguments.

- **Improvements**
- Updated artifact upload steps to use the latest versions of the
actions, enhancing reliability and functionality.
	- Added an option to overwrite existing artifacts during upload.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

… community features

> [!NOTE]
> 
> Due to the backup, upstream with
[actions/starter-workflows#2497](actions/starter-workflows#2497)
not yet resolved, this PR will include at-least two minor version bumps:
> 
> *
[v2.2](reactive-firewall@637c5c4)
@
[637c5c4](reactive-firewall@637c5c4)
> *
[v2.3](reactive-firewall@f8cf05e)
@
[f8cf05e](reactive-firewall@f8cf05e)

---