Unexpected ruleConfiguationOverrides entries in SARIF

[MattKotsenas]

Version Used: .NET SDK 9.0.100

Steps to Reproduce:

I don't yet have a minimal repro, but this appears to be 100% reproducible.

1. git clone https://github.com/MattKotsenas/moq.analyzers.git
2. git checkout repro/sarif-duplicate-entry
3. dotnet clean && dotnet build
4. notepad .\artifacts\obj\Moq.Analyzers\debug\Moq.Analyzers.sarif (this is a SARIF v2 file)
5. if you look in the section runs > invocations > ruleConfigurationOverrides you'll see two descriptors for S3267:

{
  "descriptor": {
    "id": "S3267",
    "index": 1122
  },
  "configuration": {
    "level": "warning"
  }
},
{
  "descriptor": {
    "id": "S3267",
    "index": 1122
  },
  "configuration": {
    "level": "note"
  }
},

Diagnostic Id:

This bug report uses S3267, which is from Sonar, but I don't believe this is related to the Sonar analyzer and instead is a bug somehow related to #67365.

Expected Behavior:

Because this .editorconfig rule override applies to the whole repo (set in commit 0c74755), I would expect only a single entry with the level of note.

Actual Behavior:

Two ruleConfigurationOverride entries, 1 with warning and 1 with note. That suggests that the compiler believes that somewhere in the compilation this rule is set to warning, which I don't think should be the case.

[dotnet-issue-labeler]

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

[dotnet-issue-labeler]

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.