chore(ci): add session diagnostics CodeQL quality shard

Adds a focused non-security CodeQL quality shard for session diagnostics, delivery queues, and related diagnostic contracts.

.github/workflows/codeql-critical-quality.yml

@@ -11,6 +11,7 @@ on:
         options:
           - all
           - plugin-sdk-package-contract
+          - session-diagnostics-boundary
   schedule:
     - cron: "30 6 * * *"
 
@@ -181,6 +182,28 @@ jobs:
         with:
           category: "/codeql-critical-quality/memory-runtime-boundary"
 
+  session-diagnostics-boundary:
+    name: Critical Quality (session-diagnostics-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'session-diagnostics-boundary' }}
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    timeout-minutes: 25
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          languages: javascript-typescript
+          config-file: ./.github/codeql/codeql-session-diagnostics-boundary-critical-quality.yml
+
+      - name: Analyze
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          category: "/codeql-critical-quality/session-diagnostics-boundary"
+
   ui-control-plane:
     name: Critical Quality (ui-control-plane)
     if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}