Fix Semgrep rule IDs for Security Code Scan

Summary

C# vulnerabilities detected by the new Semgrep ruleset (#347258 (closed)) are being reported with the incorrect rule ID, leading to duplicates.

Steps to reproduce

  1. Set up a C# repo with SAST enabled, where both SCS and Semgrep will execute.
  2. Observe duplicate findings in the vulnerability report.

Example Project

For a live example, search for SCS0005 in the vulnerability report of this test project.

Possible fixes

Modify convert.go to format Security Code Scan rule IDs correctly. The correct form of the ID is SCSxxxx with no prefix or suffix.

We can do this after gitlab-org/security-products/analyzers/semgrep!147 (closed) is merged, as it changes some of the structure of the conversion functions.

Edited by James Liu
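To illustrate the fix proposed under "Possible fixes", here is an added example (not code from convert.go or the semgrep analyzer) that reduces a rule ID to the bare SCSxxxx form and shows why mismatched IDs defeat deduplication. The `Finding` type, the function names and the malformed sample ID are assumptions made for illustration, as is reading "SCSxxxx" as exactly four digits.

```go
package main

import (
	"fmt"
	"regexp"
)

// Canonical form from the issue: "SCS" plus four digits (assumed from "SCSxxxx"),
// not glued to other alphanumerics on the left or to digits on the right.
var scsID = regexp.MustCompile(`(?:^|[^A-Za-z0-9])(SCS[0-9]{4})(?:$|[^0-9])`)

// Finding is a hypothetical, minimal report entry, not the analyzer's own type.
type Finding struct {
	Analyzer, RuleID, File string
	Line                   int
}

// NormalizeSCSID strips any prefix or suffix and returns the bare SCSxxxx ID.
func NormalizeSCSID(ruleID string) (string, bool) {
	m := scsID.FindStringSubmatch(ruleID)
	if m == nil {
		return "", false
	}
	return m[1], true
}

// Dedupe keeps the first finding per (rule ID, file, line). With normalize
// set, SCS rule IDs are reduced to canonical form before comparison.
func Dedupe(in []Finding, normalize bool) []Finding {
	seen := map[string]bool{}
	var out []Finding
	for _, f := range in {
		if id, ok := NormalizeSCSID(f.RuleID); normalize && ok {
			f.RuleID = id
		}
		key := fmt.Sprintf("%s|%s|%d", f.RuleID, f.File, f.Line)
		if !seen[key] {
			seen[key] = true
			out = append(out, f)
		}
	}
	return out
}

// Constructed sample: the same flaw reported by both analyzers.
var sample = []Finding{
	{"security_code_scan", "SCS0005", "Token.cs", 12},
	{"semgrep", "csharp.example-prefix.SCS0005-1", "Token.cs", 12}, // constructed malformed ID
}

func main() {
	fmt.Println(len(Dedupe(sample, false)), len(Dedupe(sample, true))) // 2 1
}
```

IDs that do not contain a well-formed SCS identifier are left unchanged, so findings from other rulesets are not merged by accident.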