Enable tsec as language service plugin #108682

Merged

Siegrift (Contributor) commented Oct 14, 2020

This PR adds tsec as a language service plugin, which enables showing potential security violations directly in the IDE.

One thing I needed to do (and I'm not sure if it's just my issue) was to explicitly update the tsec dependency, although there was no change in yarn.lock (it was probably just to invalidate the cache). Anyway, I recommend doing an explicit update of tsec using yarn upgrade tsec --latest.

jrieken (Member) commented Oct 26, 2020

@Siegrift The changes look good but tsec is now reporting too many errors 😄 Async imports are quite popular in our codebase and we have no plans of changing that. Would it be possible to teach tsec more than one error code and to be able to suppress certain error codes (instead of files)?

koto commented Oct 26, 2020

> @Siegrift The changes look good but tsec is now reporting too many errors 😄 Async imports are quite popular in our codebase and we have no plans of changing that. Would it be possible to teach tsec more than one error code and to be able to suppress certain error codes (instead of files)?

I filed google/tsec#15.

@Siegrift - as a workaround, it should be possible soon to silence/disable a specific conformance rule, no?

Siegrift (Contributor, Author) commented

@jrieken @koto We have removed the rule from tsec. The changes are now available on the latest master. We want it only internally and it was published by mistake :).

As Koto mentioned, we would like to improve the allowlist/suppression capabilities in the future.

@jrieken jrieken merged commit d404999 into microsoft:master Nov 9, 2020
@jrieken jrieken added the engineering VS Code - Build / issue tracking / etc. label Nov 9, 2020
jrieken (Member) commented Nov 27, 2020

FYI - we have reverted the changes from this PR as there have been too many "annoying errors". I'd say this is largely due to google/tsec#15. However, I am also unsure what the best way is to write code that supports the lack of trusted types, e.g. we assume that (parts of) our code don't always run in environments where trusted types are available/polyfilled and I am afraid we will always have errors for that.

@github-actions github-actions bot locked and limited conversation to collaborators Dec 24, 2020
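
The last comment raises the question of code that must also run where Trusted Types are unavailable. One common pattern, shown here as an added example (not code from this PR, VS Code or tsec), is to feature-detect the API and fall back to a plain object that applies the same sanitizing rule. The policy name `exampleHtml`, the helper names and the fake host are assumptions made for illustration.

```javascript
// Added example: not code from VS Code or tsec. The policy name "exampleHtml"
// and the helper names below are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Stand-in for a real sanitizer: escapes every HTML metacharacter.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns { native, policy }. When the host exposes the Trusted Types API the
// policy is created through it; otherwise it is a plain object with the same
// createHTML method that returns strings. Both run the same rule, so the sink
// receives sanitized input in either environment.
function createHtmlPolicy(host, sanitize) {
  const rules = { createHTML: (input) => sanitize(input) };
  const factory = host && host.trustedTypes;
  if (factory && typeof factory.createPolicy === 'function') {
    // Let errors propagate: a CSP `trusted-types` directive that rejects this
    // name is a deployment error to fix, not a reason to fall back silently.
    return { native: true, policy: factory.createPolicy('exampleHtml', rules) };
  }
  return { native: false, policy: rules };
}

// Single choke point for the sink; `element` is any object with innerHTML.
function setHtml(element, policy, untrusted) {
  element.innerHTML = policy.createHTML(untrusted);
  return element.innerHTML;
}

// Constructed stand-in for a browser that implements Trusted Types, so the
// example also runs under Node.js.
function fakeTrustedTypesHost() {
  class FakeTrustedHTML {
    constructor(value) { this.value = value; }
    toString() { return this.value; }
  }
  return {
    trustedTypes: {
      createPolicy: (name, rules) => ({
        name,
        createHTML: (input) => new FakeTrustedHTML(rules.createHTML(input)),
      }),
    },
  };
}
```

In a browser, pass `globalThis` as `host`; routing every HTML sink through `setHtml` keeps the number of call sites a static checker has to reason about small.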