Add SonarQube integration for code analysis

Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored.

.github/workflows/sonarqube.yml

@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: 2024 Winni Neessen <winni@neessen.dev>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+name: SonarQube
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+        go-version: '1.23.x'
+
+      - name: Run unit Tests
+        run: |
+          go test -v -race --coverprofile=./cov.out ./...
+
+      - uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      - uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

sonar-project.properties

@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2024 Winni Neessen <wn@neessen.dev>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+sonar.projectKey=niljson
+sonar.go.coverage.reportPaths=cov.out