Add CredScan suppression for test fixtures; wire suppressionsFile into template

Author: RyAuld

.Pipelines/credscan-exclusion.json

@@ -0,0 +1,16 @@
+{
+  "tool": "Credential Scanner",
+  "suppressions": [
+    {
+      "placeholder": "placeholder",
+      "_justification": "tests/certificate-with-password.pfx is a test fixture certificate used only in unit tests. It is not a production credential.",
+      "file": "tests/certificate-with-password.pfx"
+    },
+    {
+      "placeholder": "placeholder",
+      "_justification": "tests/test_mi.py line 385 contains a WWW-Authenticate challenge header value used as a test fixture in a mock HTTP response. It is not a real credential.",
+      "file": "tests/test_mi.py",
+      "line": "385"
+    }
+  ]
+}

.Pipelines/template-pipeline-stages.yml

@@ -63,6 +63,7 @@ stages:
     - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
       displayName: 'Run CredScan'
       inputs:
+        suppressionsFile: '$(Build.SourcesDirectory)/.Pipelines/credscan-exclusion.json'
         toolMajorVersion: V2
         debugMode: false