Description
Apparently the CodeQL workflow files can go stale with regard to ever-advancing CodeQL capabilities, which is an issue in itself, and it would be nice to track the default template somehow.
That aside, we can scan actions and rust now, and should add that to the workflow here. Specifically, I was expecting to see some security issues created from CodeQL scanning related to workflow permissions not being restricted to the minimum permissions possible.
Reference file of a relatively new template with rust and actions available as possible languages:
https://github.com/ankidroid/Anki-Android/blob/main/.github/workflows/codeql.yml
Example showing Actions are scanned, I expect Rust to be here as well:
https://github.com/ankidroid/Anki-Android/security/code-scanning/tools/CodeQL/status