Support security-experimental as a well-known suite

[angelapwen]

This change adds security-experimental as a well-known query suite that can be specified under the queries input. Note that this change is intended for internal/field users and will not be publicized in our changelog or documentation.

The suite will be supported for CLI versions 2.11.1+, and an error will be thrown if the suite was specified but the CLI version is not up to date.

As security-experimental includes the ML-powered queries, we test via the existing ML-powered query tests.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Confirm the readme has been updated if necessary.
• Confirm the changelog has been updated if necessary.

[angelapwen]

Skipped/failing test is unrelated (observed on other SHAs as well) so marking ready for review.

[henrymercer]

Looks good! Another thing to consider is adding the security-experimental suite to .github/codeql/codeql-config.yml. This would give us a little more assurance that this suite will continue working.

[angelapwen]

Have added the suite into .github/codeql/codeql-config.yml — thank you, I had meant to do that but it slipped my mind!

[henrymercer]

Looks good, though I realise now that we run the CodeQL check using both the latest and the cached tools, so we'll probably have to wait until 2.12.2 is released before we can update .github/codeql/codeql-config.yml.

[angelapwen]

Ah yeah that makes sense. I've made the changes and will make a note for the two follow-up changes (adding the suite to codeql-config.yml after the 2.12.2 release, and improving the linter)