Minor improvements to "Keeping the CodeQL Action up to date" section

[mbg]

Follow-up to #3499 with some minor improvements.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Environments:

• Testing/None - This change does not impact any CodeQL workflows in production.

How did/will you validate this change?

• None - I am not validating these changes.

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

N/A

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

This PR makes minor improvements to the "Keeping the CodeQL Action up to date" section in the README, following up on PR #3499. The changes clarify that the guidance applies to advanced setups, update the example version tag to the current latest (v4), and improve the wording for better clarity.

Changes:

• Updated section title to explicitly mention "advanced setups"
• Changed example major version tag from v3 to v4 to reflect the current latest version
• Improved wording from "controlled by" to "enabled by" and "pinned versions" to "old versions" for better clarity