Feature flag to disable python dependency installation

[RasmusWL]

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Confirm the readme has been updated if necessary.
• Confirm the changelog has been updated if necessary.

I have tested this behavior on a repo of my own, by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION: "true" in the workflow -- let me know if we need to add some automated tests for this 👍

[RasmusWL]

@turbo requesting your review on the CHANGELOG.md change

@tausbn requesting your review on the recommendation if users want to specify what version to analyze as

[aeisenberg]

Also, do you have a related feature flag issue for this change? https://github.com/github/codeql-core/issues/new?assignees=&labels=CodeQL+Action&projects=&template=codeql_action_feature_flag_rollout.md&title=CodeQL+Action%3A+%5BFeature+Name%5D+Rollout+Plan

It helps us manage the rollout and eventual removal of the flag.

[RasmusWL]

Also, do you have a related feature flag issue for this change?

yes, it might be hard to spot from all the highlights of me force pushing changes, but here it is: https://github.com/github/codeql-core/issues/3552

[aeisenberg]

Thanks for the explanation (and apologies for jumping in with partial information).

[tausbn]

Looks good to me! 👍

[henrymercer]

A question and a suggestion for potentially improving one of the warnings.

[henrymercer]

I had a quick look at the changenote — I'm happy with the changes here, but also happy to wait for @turbo's review.

[aeisenberg]

Are we planning on doing a changelog post or some other public announcement? Especially explaining "a very minor impact on results" would be nice. If there is one, can you add a link here? If the post is planned, but the URL isn't known yet, we can always update this entry.

[RasmusWL]

Yes, once we start roll it out to new users, there will be a public changelog post 👍