When I look at the advanced security settings on https://github.com/blowdart/idunno.Bluesky I get a nice warning:

Code scanning with GitHub Actions is not available for this repository.
GitHub Actions policy is limiting the use of some required actions. To use code scanning, allow actions from actions/* and github/codeql-action/* in your policy, or submit code scanning results externally using the API.

Except ... I have them listed in actions permissions

My permissions are as follows:

[X] Allow blowdart, and select non-blowdart, actions and reusable workflows
[X] Allow actions created by GitHub
[ ] Allow actions by marketplace verified creators

Allow or block specified actions and reusable workflows

EnricoMi/publish-unit-test-result-action@*,
actions/*,
azure/login@*,
danielpalme/ReportGenerator-GitHub-Action@*,
github/codeql-action/*,
irongut/CodeCoverageSummary@*,
marocchino/sticky-pull-request-comment@*,
nuget/login@*,
ossf/scorecard-action@*,
step-security/harden-runner@*,
test-summary/action@*,
zizmorcore/zizmor-action@*,

The CodeQL workflow runs perfectly fine but advanced security seems to think it doesn't run.

So, what's up with this? :)