Version 14 that we used before is now in maintenance mode, so we should
upgrade to the most recent LTS version.
Moreover, use the most recent `setup-node` workflow version and syntax;
see https://github.com/actions/setup-node#usage.
This command was added all the way back when basic CI-support was first introduced (using Travis at the time), however it's never really intended to be used e.g. for local development.
By having a `npm test`-command listed in the `package.json` file, there's a very real risk that someone unfamiliar with the code-base would only run that one and thus miss all the other (more important) test-suites[1].
Hence this patch which removes the `npm test`-command, and instead simply calls the relevant gulp-task[2] directly in the GitHub Actions configuration.
---
[1] Which consist of the unit-tests (run in browsers), the font-tests (potentially), the reference-tests, and the integration-tests.
[2] Which is also renamed slightly, to better fit its current usage.
This allows us to get the quality checks that LGTM does into GitHub
Advanced Security. Since it not only runs security checks anymore, the
workflow is also renamed to CodeQL to make this more explicit (and this
matches the documentation better).
This makes it consistent with the GitHub Advanced Security file and,
more importantly, ensures that all steps have a proper name for better
visibility.
Based on a number of opened issues, it seems that the "Is an extension" field might be causing some confusion as to its meaning. Without providing too much detail, I'm still thinking that we could attempt to clarify that it's referring to either of the *browser* extensions.
Given that the mailing list has now been closed, see [bug 1340296](https://bugzilla.mozilla.org/show_bug.cgi?id=1340296), and that there's no weekly meetings any more, we probably shouldn't mention either of those in CONTRIBUTING.md.
Instead, let's just suggest the IRC channel as a means of communication here.
