ci: Address some pesky SonarQube false-positive warnings

SonarQube static analysis complains about our use of our
`simd::shuffle`, saying we aren't using a cryptographically strong
random number generator, hilariously confusing the fact that we have
named this operation "shuffle" with the (unrelated!) potential error
of not using a good permutation/shuffle algorithm.

Also there are complaints about using http: instead of https:, but
this isn't a security problem, it's part of the metadata namespacing
for XMP.

I learned that there's a way to put specific exlusions in
sonar-project.properties, so here it is, finally silencing these
warnings.

Signed-off-by: Larry Gritz <lg@larrygritz.com>

Author: lgritz

sonar-project.properties

@@ -25,4 +25,17 @@ sonar.cfamily.build-wrapper-output=/__w/OpenImageIO/OpenImageIO/bw_output
 sonar.cfamily.gcov.reportsPath=_coverage
 sonar.coverage.exclusions=src/iv/**,src/include/OpenImageIO/detail/pugixml/**,src/include/OpenImageIO/detail/fmt/**,src/libOpenImageIO/kissfft.hh
 
+# Exclude false positives
+sonar.issue.ignore.multicriteria=e1,e2
+# Stop stupid Sonar from complaining about SIMD shuffle<>, it thinks it is
+# weak cryptography, but it's fooled simply by the name "shuffle", and we
+# aren't using it for cryptography at all. Sheesh.
+sonar.issue.ignore.multicriteria.e1.ruleKey=cpp:S2245
+sonar.issue.ignore.multicriteria.e1.resourceKey=**/simd.h,**/simd_test.cpp,**/texturesys.cpp
+# Stop stupid Sonar from complaining about using http: instead of https:, but
+# we aren't using it to establish a network connection, it's just a key we
+# must use for namespacing of XMP metadata groups.
+sonar.issue.ignore.multicriteria.e2.ruleKey=cpp:S5332
+sonar.issue.ignore.multicriteria.e2.resourceKey=**/xmp.cpp
+
 sonar.verbose=false

src/libtexture/texturesys.cpp

@@ -3199,15 +3199,17 @@ TextureSystemImpl::sample_bicubic(
         simd::vfloat4 col[4];
         for (int j = 0; j < 4; ++j) {
             simd::vfloat4 lx = lerp(texel_simd[j][0], texel_simd[j][1],
-                                    shuffle<0>(h) /*h0x*/);
+                                    broadcast_element<0>(h) /*h0x*/);
             simd::vfloat4 rx = lerp(texel_simd[j][2], texel_simd[j][3],
-                                    shuffle<1>(h) /*h1x*/);
-            col[j]           = lerp(lx, rx, shuffle<1>(g) /*g1x*/);
+                                    broadcast_element<1>(h) /*h1x*/);
+            col[j]           = lerp(lx, rx, broadcast_element<1>(g) /*g1x*/);
         }
-        simd::vfloat4 ly          = lerp(col[0], col[1], shuffle<2>(h) /*h0y*/);
-        simd::vfloat4 ry          = lerp(col[2], col[3], shuffle<3>(h) /*h1y*/);
+        simd::vfloat4 ly          = lerp(col[0], col[1],
+                                         broadcast_element<2>(h) /*h0y*/);
+        simd::vfloat4 ry          = lerp(col[2], col[3],
+                                         broadcast_element<3>(h) /*h1y*/);
         simd::vfloat4 weight_simd = weight;
-        accum += weight_simd * lerp(ly, ry, shuffle<3>(g) /*g1y*/);
+        accum += weight_simd * lerp(ly, ry, broadcast_element<3>(g) /*g1y*/);
         if (daccumds_) {
             simd::vfloat4 scalex = weight_simd * float(spec.width);
             simd::vfloat4 scaley = weight_simd * float(spec.height);

src/libutil/filesystem.cpp

@@ -465,7 +465,7 @@ Filesystem::unique_path(string_view model)
     std::string name;
 #endif
     static const char chrs[] = "0123456789abcdef";
-    static std::mt19937 rg { std::random_device {}() };
+    static std::mt19937 rg { std::random_device {}() };  //NOSONAR
     static std::uniform_int_distribution<size_t> pick(0, 15);
     static std::mutex mutex;
     std::lock_guard<std::mutex> lock(mutex);