Unpin codeql actions

[yurishkuro]

Which problem is this PR solving?

• Renovate bot does not upgrade these because the main branch there is on v2
• Code scanning does not need to be locked down as strictly as reproducible builds

Description of the changes

• Use v3 instead of exact commit or exact semver
• The logs still show the exact version used, e.g. CODEQL_ACTION_VERSION: 3.25.15

How was this change tested?

• CI

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.65%. Comparing base (81f81de) to head (87338d4).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5787      +/-   ##
==========================================
+ Coverage   96.53%   96.65%   +0.12%     
==========================================
  Files         342      342              
  Lines       16519    16519              
==========================================
+ Hits        15946    15966      +20     
+ Misses        386      363      -23     
- Partials      187      190       +3     

Flag	Coverage Δ
badger_v1	8.05% <ø> (ø)
badger_v2	1.81% <ø> (ø)
cassandra-3.x-v1	16.61% <ø> (ø)
cassandra-3.x-v2	1.74% <ø> (ø)
cassandra-4.x-v1	16.61% <ø> (ø)
cassandra-4.x-v2	1.74% <ø> (ø)
elasticsearch-6.x-v1	18.77% <ø> (ø)
elasticsearch-7.x-v1	18.84% <ø> (ø)
elasticsearch-8.x-v1	19.03% <ø> (?)
elasticsearch-8.x-v2	1.81% <ø> (ø)
grpc_v1	9.51% <ø> (-0.02%)	⬇️
grpc_v2	7.14% <ø> (ø)
kafka-v1	9.74% <ø> (ø)
kafka-v2	1.80% <ø> (-0.02%)	⬇️
memory_v2	1.81% <ø> (ø)
opensearch-1.x-v1	18.89% <ø> (ø)
opensearch-2.x-v1	18.89% <ø> (ø)
opensearch-2.x-v2	1.80% <ø> (ø)
unittests	95.07% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jkowall]

LGTM!