* fix(security): make research path lookup CodeQL-friendly * fix(security): avoid duplicate research path scans * fix(research): preserve active completed spinoff query