fix: Skip CodeQL scanning on forked repositories

The CodeQL workflow requires security-events write permission and access
to internal GitHub registries/packs that aren't available in forks.
Adding a condition to only run on the main repository prevents workflow
failures in forked repositories.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: kaovilai

.github/workflows/code-scanning.yml

@@ -14,6 +14,8 @@ env:
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
+    # Only run on the main repository, not on forks
+    if: github.repository == 'github/github-mcp-server'
     runs-on: ${{ fromJSON(matrix.runner) }}
     permissions:
       actions: read