Improve rules in SAST for Go
The merge request on the phpcs-security analyzer makes me think our Go rules are suboptimal. The findings data is minimalist and doesn't really explain what to look for.
The first is a medium-severity finding for something that only needs to be audited:
I would say the confidence is at best Low in this case, since I imagine this rule will be triggered every time we use exec.Command
(hint: we use it a LOT in analyzers).
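To make the "audit only" guidance concrete, here is an added example (not code from the analyzers or the SAST rules themselves) of an exec.Command use that a generic rule will still flag but an auditor can accept: a fixed, allowlisted program launched without a shell, with externally supplied arguments constrained. The tool names, the argument policy and the function names are assumptions for illustration.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

// Binaries this hypothetical analyzer is expected to launch; the names are an
// assumption for the example, not a real analyzer's list.
var allowedTools = map[string]bool{"gosec": true, "go": true}

// Externally supplied arguments (paths, package patterns) are limited to a
// conservative character set; the policy is illustrative.
var safeArg = regexp.MustCompile(`^[A-Za-z0-9._/=-]+$`)

// ValidateInvocation is the check an auditor wants to see beside an
// exec.Command call: the program is a fixed allowlisted name, the flags are
// source constants, and external values can neither choose the program nor
// be parsed as extra options.
func ValidateInvocation(tool string, fixedArgs, userArgs []string) error {
	if !allowedTools[tool] {
		return fmt.Errorf("tool %q is not allowlisted", tool)
	}
	for _, a := range userArgs {
		if !safeArg.MatchString(a) || a[0] == '-' {
			return fmt.Errorf("argument %q rejected", a)
		}
	}
	return nil
}

// RunTool launches the program directly (no shell, unlike
// exec.Command("sh", "-c", line)), so arguments are never re-parsed. A generic
// exec.Command rule still fires here, but this only needs auditing, not fixing.
func RunTool(tool string, fixedArgs, userArgs []string) ([]byte, error) {
	if err := ValidateInvocation(tool, fixedArgs, userArgs); err != nil {
		return nil, err
	}
	return exec.Command(tool, append(fixedArgs, userArgs...)...).CombinedOutput()
}

func main() {
	_, err := RunTool("sh", []string{"-c"}, []string{"id"})
	fmt.Println("rejected:", err) // the allowlist never lets a shell be launched
}
```

A finding description along these lines (is the program name constant, is a shell involved, where do the arguments come from) tells the reader what to look for instead of flagging every call identically.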
The second one is more of a code-quality issue than a security one:
We should improve these rules with better descriptions and guidance for users.
/cc @julianthome