Add static analysis CI: -Wall, ASAN, UBSAN, and Valgrind

[Copilot]

Description

Implements stricter code quality enforcement as requested: compiler warnings, runtime sanitizers, and memory checking in CI.

New CI workflow (.github/workflows/static-analysis.yml):

• compiler-warnings - builds with -Wall
• asan-build - Address Sanitizer (memory errors, leaks, use-after-free)
• ubsan-build - Undefined Behavior Sanitizer (integer overflows, null derefs, invalid casts)
• valgrind-test - Valgrind with Zephyr-specific suppressions

All jobs run on native_sim, triggered on push/PR/weekly.

Global enforcement: -Wall enabled for all builds directly in root CMakeLists.txt after project() declaration.

Reusable snippets for local development:

west build -b native_sim app/backplane/sensor_module -- -DSNIPPET=asan
west build -b native_sim app/backplane/sensor_module -- -DSNIPPET=ubsan
west build -b native_sim app/backplane/sensor_module -- -DSNIPPET=compiler-warnings

Created snippets/{asan,ubsan,compiler-warnings} with corresponding helper functions in cmake/Snippets.cmake.

Documentation in .github/STATIC_ANALYSIS.md. Valgrind suppressions in .github/valgrind-zephyr.supp.

CMake fix: Resolved CI build errors by placing zephyr_compile_options(-Wall) directly in root CMakeLists.txt where Zephyr functions are available, rather than in a separate include file.

Type of change

• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

CI workflow validated through code review and CodeQL security analysis (0 alerts). Individual snippets follow patterns from existing samples using ASAN/UBSAN. CMake fix verified to resolve build errors in CI.

Test Configuration:

• Platform: native_sim (Linux only)
• All jobs use existing test root detection for selective builds

Checklist:

• New functionality is documented in the necessary spots (i.e new functions documented in the header)
• Unit tests cover any new functionality or edge cases that the PR was meant to resolve (if applicable)
• The CI checks are passing
• I reviewed my own code in the GitHub diff and am sure that each change is intentional
• I feel comfortable about this code flying in a rocket

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Make Our Lives Harder</issue_title>
<issue_description>Is your feature request related to a problem? Please describe.
It's too easy for us to write, commit, push and merge software.

Describe the solution you'd like
Let's make our lives harder by doing several things.

• Requiring -Wall for production compiles which will get ran in the CI too
• Have a Valgrind run of our code (we might need to suppress a few things Zephyr does)
• Run with ASAN for native_sim

</issue_description>

<agent_instructions>Please improve our CI procedures by having more jobs that can run stricter compiles, and simulate with Valgrind and ASAN and UBSAN to ensure good coding practices. You can reference static analysis tools used in ZephyrRTOS like
https://docs.zephyrproject.org/latest/develop/sca/clang.html
https://docs.zephyrproject.org/latest/develop/sca/codechecker.html
https://docs.zephyrproject.org/latest/develop/sca/coverity.html
https://docs.zephyrproject.org/latest/develop/sca/gcc.html

Also Zephyr's native sim docs which includes sections for doing UBSAN and ASAN
https://docs.zephyrproject.org/latest/boards/native/native_sim/doc/index.html

</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Make Our Lives Harder #137

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[AarC10]

@copilot CI did not pass because of CMake errors

[Copilot]

@copilot CI did not pass because of CMake errors

Fixed in commit 9c280b7. The issue was that CompilerWarnings.cmake was trying to call zephyr_compile_options() before the Zephyr package was fully initialized. Moved -Wall directly into the root CMakeLists.txt after the project() declaration where Zephyr functions are available.