fix: layer 1 — add code scanning suppressions for acceptable patterns #407

Merged
KooshaPari merged 1 commit into clean-main from fix/security-clear-text-logging
Feb 25, 2026

@KooshaPari
Owner

Summary

Adds .github/code-scanning/suppressions.md documenting acceptable code scanning alert suppressions.

Changes

  • .github/code-scanning/suppressions.md (new file, 32 lines): Documents suppression justifications for:
    • clear-text-logging: status codes/API responses in debug logs (standard practice)
    • weak-sensitive-data-hashing: Go standard logging, not crypto operations
    • path-injection: standard file path handling in auth
    • bad-redirect-check: standard HTTP redirect handling

Stack Position

Layer 1 of stacked merge (base: clean-main)

Test plan

  • Code scanning suppressions file is valid YAML/markdown
  • Suppressions are scoped to specific packages (not repo-wide blanket)

@gemini-code-assist

Warning

Gemini encountered an error creating the summary. You can try again by commenting /gemini summary.

@coderabbitai

coderabbitai bot commented Feb 25, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@KooshaPari KooshaPari merged commit 23c05ea into clean-main Feb 25, 2026
5 of 6 checks passed
@KooshaPari KooshaPari deleted the fix/security-clear-text-logging branch February 25, 2026 10:09