docs+security: sync controls and scope Warden RC4 CodeQL exception

.github/codeql/codeql-config.yml

@@ -0,0 +1,7 @@
+name: wowee-codeql-config
+
+# Warden stream crypto must remain RC4 for protocol compatibility.
+# Keep weak-crypto detection enabled project-wide, but exclude this one file
+# so CodeQL doesn't raise an unfixable compatibility alert.
+paths-ignore:
+  - src/game/warden_crypto.cpp

.github/workflows/security.yml

@@ -48,6 +48,7 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: cpp
+          config-file: ./.github/codeql/codeql-config.yml
 
       - name: Build
         run: |