Bump github/codeql-action from 2.3.2 to 2.3.3 (flutter#41811)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.3.3 - 04 May 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li>
<li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="https://github.com/oasis-tcs/sarif-spec/blob/123e95847b13fbdd4cbe2120fa5e33355d4a042b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
</ul>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
<li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li>
</ul>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/github/codeql-action/commit/29b1f65c5e92e24fe6b6647da1eaabe529cec70f"><code>29b1f65</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1669">#1669</a> from github/update-v2.3.3-318bcc7f8</li>
<li><a href="https://github.com/github/codeql-action/commit/140500d80a9d13f8e9d8b07bf08cf42724174788"><code>140500d</code></a> Update changelog for v2.3.3</li>
<li><a href="https://github.com/github/codeql-action/commit/318bcc7f84641571687cf0178155b0e9693c0f45"><code>318bcc7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1664">#1664</a> from github/update-bundle/codeql-bundle-20230428</li>
<li><a href="https://github.com/github/codeql-action/commit/f72bf5dfb3c0ae945124443c6a1fab09272edd9b"><code>f72bf5d</code></a> Fix workflow formatting</li>
<li><a href="https://github.com/github/codeql-action/commit/33461954a58f9ddd5ba352dcfe711eada654f061"><code>3346195</code></a> Merge branch 'main' into update-bundle/codeql-bundle-20230428</li>
<li><a href="https://github.com/github/codeql-action/commit/8ca5570701137b67af3d8ae3d6452f4cee6579da"><code>8ca5570</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1666">#1666</a> from github/aeisenberg/readme-update</li>
<li><a href="https://github.com/github/codeql-action/commit/b1b3d00b6278f6319c71d073ce785132634bdd95"><code>b1b3d00</code></a> Add link to changenote for custom config</li>
<li><a href="https://github.com/github/codeql-action/commit/d2f6dfd52d4ad3c64cdea0291e07a32fa007097c"><code>d2f6dfd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1665">#1665</a> from github/aeisenberg/config-param</li>
<li><a href="https://github.com/github/codeql-action/commit/cba5616040a473214d9afa57a1ebffa772f7c269"><code>cba5616</code></a> Update CHANGELOG.md</li>
<li><a href="https://github.com/github/codeql-action/commit/40c95932fefc0f8bc274a5cb5a0e56719b89ea37"><code>40c9593</code></a> Add changelog note</li>
<li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.2&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

.github/workflows/scorecards-analysis.yml

@@ -49,6 +49,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a
+        uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f
         with:
           sarif_file: results.sarif