Orchestration Banned APIs Roslyn analyzer

[allantargino]

This PR adds 3 analyzers that verify whether orchestrations are using banned APIs through:

• Task.Run/Thread.Start/TaskFactory (DURABLE0004)
• Input/Output types (such as HttpClient, etc) (DURABLE0005)
• Environment Variables (DURABLE0006)

The list of I/O types is by no means comprehensive or complete, but rather an initial set of well-known types used in Azure Functions - we should augment that list soon. I tried to have feature parity with the types covered by our previous analyzer.

[jviau]

Some other types to consider: IConfiguration, IOptions, IOptionsSnapshot, IOptionsMonitor

[jviau]

I do have a general question: what is the plan for analyzers when we make a feature which invalidates an analyzer? Not saying we have anything planned, but what if we do something that supplies some special idempotent clients? Which are then safe to call from orchestrations?

[allantargino]

Regarding the invalidation of released analyzers, I think that depends whether the new feature is in a major or minor release.

• In a new major release, I think we can just completely erase the analyzer, releasing a new major of the analyzer too.

• In a new minor release, I researched a bit and there is really neat mechanism called DiagnosticSuppressor which I think we can use:

  Provide an ability for platform/library authors to author simple, context-aware compiler extensions to programmatically suppress specific instances of reported analyzer and/or compiler diagnostics, which are always known to be false positives in the context of the platform/library.

  For instance, I created the following Supressor and DURABLE0001 (DateTime diagnostic) stopped being shown:

  [DiagnosticAnalyzer(LanguageNames.CSharp)]
  public sealed class MySupressor : DiagnosticSuppressor
  {
      static SuppressionDescriptor Rule = new SuppressionDescriptor("SOMETHING123", "DURABLE0001", "no longer make sense");
      public override ImmutableArray<SuppressionDescriptor> SupportedSuppressions => [Rule];
  
      public override void ReportSuppressions(SuppressionAnalysisContext context)
      {
          foreach (var diagnostic in context.ReportedDiagnostics)
          {
              context.ReportSuppression(Suppression.Create(Rule, diagnostic));
          }
      }
  }

I am not sure if that's the best process available @jviau, but could work 👍

For reference: SuppressionAnalysisContext .ReportSuppresion docs.

[bachuv]

Left some questions and comments, but overall looks good! Thanks!

[bachuv]

LGTM!