Update semgrep job of security CI workflow. (#340)

* Update semgrep job of security CI workflow.

Add new rulesets for semgrep.

* Exclude 'gitlab.gosec' ruleset from semgrep CI job.

Excluded because rules in this ruleset contain 'security-severity'
field with a string type value, while SARIF format accepts only numerical.
For more info see semgrep/semgrep#10834.

Author: nickeskov

.github/workflows/security.yml

@@ -44,7 +44,10 @@ jobs:
       - name: Run semgrep security scanner
         run: |
           cat << 'EOF' | bash
-              semgrep ci --config=auto --sarif --output=semgrep.sarif --max-target-bytes=2MB
+              semgrep ci --config="auto" --config="r/default" --config="r/go" --config="r/dgryski" \
+                --config="r/trailofbits" --config="r/dockerfile" --config="r/bash" \
+                --config="r/problem-based-packs" --config="r/generic" --config="r/yaml" --config="r/json" \
+                --sarif --dataflow-traces --output=semgrep.sarif --max-target-bytes=2MB
               EXIT_CODE=$?
               if [ "$EXIT_CODE" = "0" ] || [ "$EXIT_CODE" = "1" ]
               then