Add warnings about CLI hack to codeql.ts

These warnings refer to a hack that was added to the CLI in
https://github.com/github/semmle-code/pull/39335

They can be removed again once the CLI has a more principled way for
the CLI to recognize that it's being invoked by the runner/action.

lib/codeql.js

@@ -312,6 +312,12 @@ function getCodeQLForCmd(cmd) {
         },
         async getTracerEnv(databasePath) {
             // Write tracer-env.js to a temp location.
+            // BEWARE: The name and location of this file is recognized by `codeql database
+            // trace-command` in order to enable special support for concatenable tracer
+            // configurations. Consequently the name must not be changed.
+            // (This warning can be removed once a different way to recognize the
+            // action/runner has been implemented in `codeql database trace-command`
+            // _and_ is present in the latest supported CLI release.)
             const tracerEnvJs = path.resolve(databasePath, "working", "tracer-env.js");
             fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
             fs.writeFileSync(tracerEnvJs, `
@@ -326,6 +332,12 @@ function getCodeQLForCmd(cmd) {
         }
         process.stdout.write(process.argv[2]);
         fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');`);
+            // BEWARE: The name and location of this file is recognized by `codeql database
+            // trace-command` in order to enable special support for concatenable tracer
+            // configurations. Consequently the name must not be changed.
+            // (This warning can be removed once a different way to recognize the
+            // action/runner has been implemented in `codeql database trace-command`
+            // _and_ is present in the latest supported CLI release.)
             const envFile = path.resolve(databasePath, "working", "env.tmp");
             await new toolrunner.ToolRunner(cmd, [
                 "database",

src/codeql.ts

@@ -508,11 +508,18 @@ function getCodeQLForCmd(cmd: string): CodeQL {
     },
     async getTracerEnv(databasePath: string) {
       // Write tracer-env.js to a temp location.
+      // BEWARE: The name and location of this file is recognized by `codeql database
+      // trace-command` in order to enable special support for concatenable tracer
+      // configurations. Consequently the name must not be changed.
+      // (This warning can be removed once a different way to recognize the
+      // action/runner has been implemented in `codeql database trace-command`
+      // _and_ is present in the latest supported CLI release.)
       const tracerEnvJs = path.resolve(
         databasePath,
         "working",
         "tracer-env.js"
       );
+
       fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
       fs.writeFileSync(
         tracerEnvJs,
@@ -530,7 +537,14 @@ function getCodeQLForCmd(cmd: string): CodeQL {
         fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');`
       );
 
+      // BEWARE: The name and location of this file is recognized by `codeql database
+      // trace-command` in order to enable special support for concatenable tracer
+      // configurations. Consequently the name must not be changed.
+      // (This warning can be removed once a different way to recognize the
+      // action/runner has been implemented in `codeql database trace-command`
+      // _and_ is present in the latest supported CLI release.)
       const envFile = path.resolve(databasePath, "working", "env.tmp");
+
       await new toolrunner.ToolRunner(cmd, [
         "database",
         "trace-command",