fix: Always rune code scanning, even if draft PR

.github/workflows/codeql-analysis.yml

@@ -19,8 +19,6 @@ on:
 
 jobs:
   analyze:
-    if: ${{ !github.event.pull_request.draft }}
-
     runs-on: ubuntu-latest
     container: debian:trixie-slim
     timeout-minutes: 20

.github/workflows/sonarcloud-analysis.yml

@@ -18,7 +18,9 @@ on:
     branches: [master]
 
 jobs:
-  sonarcloud-analysis:
+  analyze:
+    # This job would fail for contributors who open PRs as the workflow runs outside of our repo
+    # in this scenario. Having a var that only we set to true prevents this job from running.
     if: ${{ vars.SONAR_SCANNER_ENABLED }}
 
     runs-on: ubuntu-latest