Test: add CodeQL suppressions (#6135)

Resolve NuGet/Client.Engineering#3065

test/TestUtilities/Microsoft.Internal.NuGet.Testing.SignedPackages/OcspResponder.cs

@@ -229,6 +229,7 @@ private ReadOnlyMemory<byte> Sign(ResponseData responseData, HashAlgorithmName h
 
             byte[] tbsResponseData = writer.Encode();
 
+            // CodeQL [SM03799] This is test code. This is a test OCSP responder for local testing of various signing and verification scenarios in the product. We need to support the default for CMS and X.509 signing, which is PKCS #1 v1.5. See internal bug 2287166.
             return CertificateAuthority.KeyPair.SignData(tbsResponseData, hashAlgorithmName, RSASignaturePadding.Pkcs1);
         }
 #endif

test/TestUtilities/Microsoft.Internal.NuGet.Testing.SignedPackages/SigningTestUtility.cs

@@ -336,6 +336,7 @@ public static X509Certificate2 GenerateCertificate(
                 IsCA = true
             };
 
+            // CodeQL [SM03797] This is test code. Some tests use weak keys to test the product's rejection of weak keys. See internal bug 2287165.
             using (var rsa = RSA.Create(publicKeyLength))
             {
                 return GenerateCertificate(subjectName, modifyGenerator, rsa, hashAlgorithm, paddingMode, chainCertificateRequest);