
fix: Defer exitstatus 2 and 3 conditional handling to sarif submodule

Lucas Charles requested to merge handle-unexpected-failures into main

What does this MR do?

Previously we would return an error on any non-zero exit code, which had earlier been suppressed. Instead we should only error on codes tied specifically to semgrep misconfiguration and examine the SARIF output's toolExecutionNotification collection for acceptable failure cases.
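As an added illustration of the policy this MR describes (example code, not the analyzer's own implementation), the Go program below parses a constructed SARIF document, flattens `runs[].invocations[].toolExecutionNotifications`, and then decides whether a scan should be reported as failed: exit status 0 succeeds, statuses 2 and 3 are deferred to the notifications (fatal only if one carries level `error`, otherwise each is surfaced as a warning), and any other non-zero status is treated as a misconfiguration. The `Outcome` type, the `decideOutcome` rules and the sample SARIF are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sarifNotification is the subset of a SARIF toolExecutionNotification
// object this example reads: its severity level and its message text.
type sarifNotification struct {
	Level   string `json:"level"`
	Message struct {
		Text string `json:"text"`
	} `json:"message"`
}

// sarifLog models just enough of SARIF 2.1.0 to reach
// runs[].invocations[].toolExecutionNotifications[].
type sarifLog struct {
	Runs []struct {
		Invocations []struct {
			ExitCode                   int                 `json:"exitCode"`
			ToolExecutionNotifications []sarifNotification `json:"toolExecutionNotifications"`
		} `json:"invocations"`
	} `json:"runs"`
}

// sampleSARIF is a constructed document (not real semgrep output) with an
// exit status of 2 and two warning-level notifications.
const sampleSARIF = `{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "semgrep"}},
    "invocations": [{
      "exitCode": 2,
      "executionSuccessful": false,
      "toolExecutionNotifications": [
        {"level": "warning", "message": {"text": "SemgrepError found 'nosem' comment with id 'bandit.B502', but no corresponding rule"}},
        {"level": "warning", "message": {"text": "Syntax error when running eslint.detect-object-injection on reports/theme/static/js/chart.js"}}
      ]
    }],
    "results": []
  }]
}`

// collectNotifications flattens every toolExecutionNotification across all
// runs and invocations of a SARIF document.
func collectNotifications(data []byte) ([]sarifNotification, error) {
	var doc sarifLog
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("parsing SARIF: %w", err)
	}
	var out []sarifNotification
	for _, run := range doc.Runs {
		for _, inv := range run.Invocations {
			out = append(out, inv.ToolExecutionNotifications...)
		}
	}
	return out, nil
}

// Outcome is the wrapper's decision after combining the process exit
// status with the SARIF notifications.
type Outcome struct {
	Fatal    bool     // true: report the scan as failed
	Warnings []string // notification texts to surface at WARN level
	Reason   string   // human-readable explanation of the decision
}

// decideOutcome applies the assumed policy: 0 succeeds; 2 and 3 are
// deferred to the notifications and are fatal only on an error-level one;
// every other status is treated as a semgrep misconfiguration.
func decideOutcome(exitCode int, notes []sarifNotification) Outcome {
	var o Outcome
	switch exitCode {
	case 0:
		o.Reason = "semgrep exited 0"
	case 2, 3:
		for _, n := range notes {
			text := fmt.Sprintf("tool notification %s: %s", n.Level, n.Message.Text)
			if strings.EqualFold(n.Level, "error") {
				o.Fatal = true
				o.Reason = text
				return o
			}
			o.Warnings = append(o.Warnings, text)
		}
		o.Reason = fmt.Sprintf("exit status %d with no error-level notifications", exitCode)
	default:
		o.Fatal = true
		o.Reason = fmt.Sprintf("unexpected exit status %d (possible misconfiguration)", exitCode)
	}
	return o
}

func main() {
	notes, err := collectNotifications([]byte(sampleSARIF))
	if err != nil {
		panic(err)
	}
	o := decideOutcome(2, notes)
	for _, w := range o.Warnings {
		fmt.Println("[WARN]", w)
	}
	fmt.Printf("fatal=%v reason=%s\n", o.Fatal, o.Reason)
}
```

Running it prints the two notifications at WARN level and `fatal=false`, mirroring the exit status 0 seen in the test cases below; the same input with exit status 5, or with an error-level notification, would be reported as fatal.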

Testcases

https://gitlab.com/chris-semgrep/semgrep-exit-status-2

❯ docker run -it --rm --volume "$PWD":/tmp/app --env CI_PROJECT_DIR=/tmp/app --env SECURE_LOG_LEVEL=warn -w /tmp/app semgrep:handle-unexpected-failures
[WARN] [Semgrep] [2021-11-04T21:04:18Z] ▶ tool notification warning: SemgrepError found 'nosem' comment with id 'bandit.B502', but no corresponding rule trying 'bandit.B501'
[WARN] [Semgrep] [2021-11-04T21:04:18Z] ▶ report.TransformToGLSASTReport has only implemented a subset of the sarif spec
❯ echo $?
0

https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib

❯ docker run -it --rm --volume "$PWD":/tmp/app --env CI_PROJECT_DIR=/tmp/app --env SECURE_LOG_LEVEL=warn -w /tmp/app semgrep:handle-unexpected-failures
[WARN] [Semgrep] [2021-11-04T21:05:40Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-non-literal-require on /tmp/app/reports/theme/static/js/chart.js: `5:` was unexpected
[WARN] [Semgrep] [2021-11-04T21:05:40Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-possible-timing-attacks on /tmp/app/reports/theme/static/js/chart.js: `5:` was unexpected
[WARN] [Semgrep] [2021-11-04T21:05:40Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-non-literal-regexp on /tmp/app/reports/theme/static/js/chart.js: `5:` was unexpected
[WARN] [Semgrep] [2021-11-04T21:05:40Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-non-literal-fs-filename on /tmp/app/reports/theme/static/js/chart.js: `5:` was unexpected
[WARN] [Semgrep] [2021-11-04T21:05:40Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-object-injection on /tmp/app/reports/theme/static/js/chart.js: `5:` was unexpected
[WARN] [Semgrep] [2021-11-04T21:05:40Z] ▶ report.TransformToGLSASTReport has only implemented a subset of the sarif spec
❯ echo $?
0

What are the relevant issue numbers?

Relates to gitlab-org/gitlab#344546 (closed)

Does this MR meet the acceptance criteria?

Edited by Daniel Paul Searles
