Allow suppressing analysis in specific places

[MaryamZi]

Description:

Right now, the scan tool allows skipping specific rules when performing a scan. These apply to the entire scan.

E.g.,

bal scan --exclude-rules="ballerina:101, ballerina/io:201"

But, it is not possible to suppress analysis only at specific lines of code.

We may most probably need an annotation for this. Also see https://stackoverflow.com/questions/10971968/turning-sonar-off-for-certain-code

[MaryamZi]

Whichever method we choose needs to

• work well with the compiler plugins/analysis tasks (i.e., need to have access to the relevant exclusions at the required levels).
• or we have the analysis run irrespective of exclusions and then filter out on the scan tool side

Some points to consider with annotations

• whether we can get the level of specificity we need with the attachment points allowed by the language
• where we define the annotation (we don't have a scan module at the moment)

[gayaldassanayake]

This doc also specifies how to do this in Sonarqube for different usecases. https://docs.sonarsource.com/sonarqube/latest/project-administration/analysis-scope/#excluding-specific-rules-from-specific-files

One other option for this other than annotations is having an exclusion file similar to the spotbugs-exclude.xml.

[gayaldassanayake]

Created a design document on this [Design][Scan tool] Suppressing Analysis in Specific Places. @sameerajayasoma it would be great if you can review and provide feedback.