fix: Disable CodeQL in PR validation to resolve stale snapshot issue

- Disable CodeQL auto-injection globally in PR validation pipeline

- Add one-time 'pytestonwindows' job on Ubuntu to update the old stale CodeQL snapshot

- Uses build.sh on Linux (matching original CodeQL job setup)

- This fixes the S360 CodeQL finding SM02986 that was stuck on outdated code

- After the old snapshot is cleared, the pytestonwindows job should be removed

Resolves: User Story 39809 [S360] [CodeQL.SM02986]

Author: gargsaumya

eng/pipelines/pr-validation-pipeline.yml

@@ -7,11 +7,18 @@ trigger:
       - main
 
 jobs:
-- job: CodeQLAnalysis
+# =========================================================================================
+# One-time CodeQL Snapshot Update Job
+# =========================================================================================
+# This job exists to update the old CodeQL snapshot associated with 'pytestonwindows'.
+# After this runs successfully on main branch and the old CodeQL issue is cleared,
+# this entire job can be updated again in the pipeline.
+# =========================================================================================
+- job: pytestonwindows
   displayName: 'CodeQL Security Analysis'
   pool:
     vmImage: 'ubuntu-latest'
-  
+
   steps:
   - script: |
       sudo apt-get update