fix: update CodeQL queries to include security-experimental suite for enhanced analysis

.github/workflows/codeql.yml

@@ -55,7 +55,7 @@ jobs:
         uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
         with:
           languages: ${{ matrix.language }}
-          queries: security-and-quality
+          queries: security-and-quality,security-experimental
           # Use CodeQL config to exclude documented false positives
           # Go: Excludes go/request-forgery for url_testing.go (has 4-layer SSRF defense)
           # See: .github/codeql/codeql-config.yml for full justification
@@ -118,7 +118,7 @@ jobs:
             echo "## 🔒 CodeQL Security Analysis Results"
             echo ""
             echo "**Language:** ${{ matrix.language }}"
-            echo "**Query Suite:** security-and-quality"
+            echo "**Query Suite:** security-and-quality + security-experimental"
             echo ""
           } >> "$GITHUB_STEP_SUMMARY"