
Bump minimum CodeQL version to 2.16.6 #2912


Open: wants to merge 8 commits into base: main

henrymercer
Contributor

This PR bumps the minimum CodeQL version to 2.16.6, as announced by #2859.

  • Remove version guards for 2.16.5 and earlier
  • Remove tool features that are always enabled for 2.16.6+
  • Bump the CodeQL versions we use in CI to ensure we're testing the 2.20.7 stable version shipped to GHES
  • Bump the minor version number of the Action

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

@Copilot Copilot AI review requested due to automatic review settings May 30, 2025 16:26
@henrymercer henrymercer requested a review from a team as a code owner May 30, 2025 16:26

@Copilot Copilot AI left a comment


Pull Request Overview

This PR raises the minimum supported CodeQL CLI version to 2.16.6, removes legacy guards and features for older releases, and updates CI/test matrices and the action version accordingly.

  • Remove version checks and feature flags for CodeQL ≤ 2.16.5
  • Add stable-v2.20.7 to defaultTestVersions and workflow matrices; drop v2.15.5
  • Bump action minor version to 3.29.0 and record in CHANGELOG

Reviewed Changes

Copilot reviewed 41 out of 41 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/analyze.ts | Drop redundant supportsFeature guard around build-mode tracing |
| pr-checks/sync.py | Remove stable-v2.15.5, add stable-v2.20.7 in defaultTestVersions |
| pr-checks/checks/cpp-deptrace-enabled-on-macos.yml | Include “linked” as a valid version for macOS C/C++ deptrace check |
| package.json | Bump action version from 3.28.19 to 3.29.0 |
| lib/tracer-config.js | Simplify getCombinedTracerConfig; remove CODEQL_RUNNER fallback logic |
| lib/tracer-config.test.js | Rename test and drop outdated runner-env tests |
| lib/tools-features.js | Remove deprecated ToolsFeature flags |
| lib/tools-features.test.js | Update test to cover new ForceOverwrite flag |
| lib/init.js | Eliminate printPathFiltersWarning export and refactor initConfig grouping |
| lib/init.test.js | Remove tests for deprecated path-filters warning |
| lib/init-action.js | Streamline debug options; remove Go static-binary wrapper |
| lib/autobuild.js | Remove legacy feature check, simplify autobuild decision logic |
| lib/analyze.js | Remove unused import and obsolete supportsFeature check |
| lib/codeql.js | Bump CODEQL_MINIMUM_VERSION to 2.16.6; drop buildModeOption guard |
| CHANGELOG.md | Add “Bump minimum CodeQL bundle version to 2.16.6” entry |
| .github/workflows/__multi-language-autodetect.yml | Remove v2.15.5 matrix entries; add v2.20.7 |
| .github/workflows/__go-tracing-legacy-workflow.yml | Remove v2.15.5 entries; add v2.20.7 |
| .github/workflows/__go-tracing-custom-build-steps.yml | Remove v2.15.5 entries; add v2.20.7 |
| .github/workflows/__go-tracing-autobuilder.yml | Remove v2.15.5 entries; add v2.20.7 |
| .github/workflows/__cpp-deptrace-enabled-on-macos.yml | Add matrix entry for version “linked” on macOS |

Comments suppressed due to low confidence (2)

pr-checks/sync.py:11

  • Update this comment to point at the actual file where CODEQL_MINIMUM_VERSION lives (now in lib/codeql.js), so future bumps aren’t missed.
# The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`

lib/tracer-config.test.js:62

  • Consider adding a test that validates the returned env object matches the contents of start-tracing.json (e.g. ensure CODEQL_DIST and CODEQL_PLATFORM are mapped correctly), to retain full coverage of tracer-config behavior.
(0, ava_1.default)("getCombinedTracerConfig", async (t) => {

@henrymercer henrymercer force-pushed the henrymercer/bump-minimum-codeql-2.16.6 branch from ed2a3d0 to d54c5e2 Compare May 30, 2025 16:52
@henrymercer
Contributor Author

Note that this PR updates the set of required checks — we'll need to follow these steps before merging.
