maint(ci): clean up semgrep rules and ignores (#12347)

Cleans up the existing semgrep rules and gets rid of the blanket
ignores that were being applied everywhere now that we can add
ignores for specific files in the rule config.

.semgrep/sol-rules.yaml

 rules:
   - id: sol-safety-deployutils-args
+    languages: [solidity]
+    severity: ERROR
     pattern-regex: DeployUtils\.(create1|create2|create1AndSave|create2AndSave)\s*\(\s*\{[^}]*?_args\s*:\s*(?!\s*DeployUtils\.encodeConstructor\()\s*[^}]*?\}\s*\)
     message: _args parameter should be wrapped with DeployUtils.encodeConstructor
-    severity: ERROR
-    languages:
-      - solidity
+
   - id: sol-style-input-arg-fmt
+    languages: [solidity]
+    severity: ERROR
     pattern-regex: function\s+\w+\s*\(\s*([^)]*?\b\w+\s+(?!_)(?!memory\b)(?!calldata\b)(?!storage\b)(?!payable\b)\w+\s*(?=,|\)))
     message: Named inputs to functions must be prepended with an underscore
-    severity: ERROR
-    languages:
-      - solidity
+    paths:
+      exclude:
+        - op-chain-ops/script/testdata/scripts/ScriptExample.s.sol
+        - packages/contracts-bedrock/scripts/libraries/Solarray.sol
+        - packages/contracts-bedrock/scripts/interfaces/IGnosisSafe.sol
+        - packages/contracts-bedrock/src/universal/interfaces/IWETH.sol
+        - packages/contracts-bedrock/src/universal/WETH98.sol
+        - packages/contracts-bedrock/src/L2/interfaces/ISuperchainWETH.sol
+        - packages/contracts-bedrock/src/L2/SuperchainWETH.sol
+        - packages/contracts-bedrock/src/governance/interfaces/IGovernanceToken.sol
+        - packages/contracts-bedrock/src/governance/GovernanceToken.sol
+
   - id: sol-style-return-arg-fmt
+    languages: [solidity]
+    severity: ERROR
     pattern-regex: returns\s*(\w+\s*)?\(\s*([^)]*?\b\w+\s+(?!memory\b)(?!calldata\b)(?!storage\b)(?!payable\b)\w+(?<!_)\s*(?=,|\)))
     message: Named return arguments to functions must be appended with an underscore
-    severity: ERROR
-    languages:
-      - solidity
+    paths:
+      exclude:
+        - op-chain-ops/script/testdata/scripts/ScriptExample.s.sol
+        - packages/contracts-bedrock/scripts/libraries/Solarray.sol
+        - packages/contracts-bedrock/scripts/interfaces/IGnosisSafe.sol
+        - packages/contracts-bedrock/src/dispute/interfaces/IPermissionedDisputeGame.sol
+        - packages/contracts-bedrock/src/dispute/interfaces/IFaultDisputeGame.sol
 
   - id: sol-style-doc-comment
     languages: [solidity]

.semgrepignore

@@ -9,6 +9,7 @@ vendor/
 *.min.js
 
 # Common test paths
+# TODO: Tests should conform to semgrep too.
 test/
 tests/
 
@@ -17,29 +18,3 @@ tests/
 
 # Semgrep-action log folder
 .semgrep_logs/
-
-op-chain-ops/script/testdata
-op-chain-ops/script/testdata/scripts/ScriptExample.s.sol
-
-packages/*/node_modules
-packages/*/test
-
-# TODO: Define these exclusions inside of the semgrep rules once those rules
-# are all defined locally in the repository instead of the semgrep app.
-
-# Contracts: autogenerated solidity library
-packages/contracts-bedrock/scripts/libraries/Solarray.sol
-
-# Contracts: vendor interfaces
-packages/contracts-bedrock/scripts/interfaces/IGnosisSafe.sol
-packages/contracts-bedrock/src/vendor/eas/
-
-# Contracts: deliberate exclusions
-packages/contracts-bedrock/src/universal/WETH98.sol
-packages/contracts-bedrock/src/universal/interfaces/IWETH.sol
-packages/contracts-bedrock/src/L2/SuperchainWETH.sol
-packages/contracts-bedrock/src/L2/interfaces/ISuperchainWETH.sol
-packages/contracts-bedrock/src/governance/GovernanceToken.sol
-packages/contracts-bedrock/src/governance/interfaces/IGovernanceToken.sol
-packages/contracts-bedrock/src/dispute/interfaces/IFaultDisputeGame.sol
-packages/contracts-bedrock/src/dispute/interfaces/IPermissionedDisputeGame.sol