fix(scripts): exclude JS from SonarQube scan

The SonarQube scanner's JavaScript/TypeScript sensor activates on
vendored JS files in src/main/webapp/js/ (jQuery, js.cookie,
testsuiteutils) and attempts to start a Node.js bridge server, which
times out in the scanner Docker container -- killing the entire scan.

Add **/*.js to sonar.exclusions so the JS sensor never activates.
This project benchmarks Java SAST tools only; SonarReport.java already
filters to java:* rules, so JS findings were never collected.

Closes #235

Author: TheAuditorTool

scripts/runSonarQube.sh

@@ -75,7 +75,7 @@ docker run --env SONAR_SCANNER_OPTS=-Xmx4g --rm -v ~/.m2:/root/.m2 -v "$(pwd)":"
   -Dsonar.host.url="$sonar_docker_host" \
   -Dsonar.login="$sonar_token" \
   -Dsonar.sources="src" \
-  -Dsonar.exclusions="results/**,scorecard/**,scripts/**,tools/**,VMs/**"
+  -Dsonar.exclusions="results/**,scorecard/**,scripts/**,tools/**,VMs/**,**/*.js"
 
 echo "Waiting for SonarQube CE to finish task..."