chore: Remove gosec from test files

[alarso16]

Why this should be merged

Specifying each nosec clause in a test file is unnecessary. If something's wrong, the test will probably fail! Most of the time, it's false positives anyway

How this works

Remove gosec checks from tests and all corresponding nolints. I found some other stale nosec's, so I removed them too. Unfortunately, there doesn't seem to be a linter for unnecessary nosec's.

How this was tested

CI passes

Need to be documented in RELEASES.md?

No

[Copilot]

Pull request overview

This PR reduces gosec noise in the repo by stopping gosec from scanning test code (including test-only helper packages) and removing now-unnecessary #nosec annotations from test/benchmark/fuzz files.

Changes:

• Update the dedicated saevm gosec config (.gosec-golangci.yml) to exclude test files/directories from gosec runs.
• Remove #nosec (and related nolint/inline suppression comments) across many test, fuzz, and benchmark files.

Reviewed changes

Copilot reviewed 28 out of 28 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
wallet/chain/p/builder_test.go	Removes gosec suppression comments from test-only randomness usage.
vms/saevm/txgossip/txgossip_test.go	Removes #nosec from deterministic RNG setup in tests.
vms/saevm/saexec/saexec_test.go	Removes #nosec suppressions for RNG and safe integer conversions in tests.
vms/saevm/sae/worstcase_test.go	Removes #nosec suppressions around RNG seeding and safe conversions in tests.
vms/saevm/sae/rpc_test.go	Removes #nosec suppressions for safe index/type conversions in RPC tests.
vms/saevm/sae/recovery_test.go	Removes #nosec from deterministic RNG setup in tests.
vms/saevm/sae/accept_block_test.go	Removes #nosec from deterministic RNG setup in tests.
vms/saevm/proxytime/proxytime_test.go	Removes #nosec suppression from a safe time-to-uint64 conversion in tests.
vms/saevm/intmath/intmath_test.go	Removes #nosec from deterministic RNG setup in tests.
vms/saevm/hook/hookstest/stub.go	Removes #nosec suppressions in a test-helper package (matched by test path exclusions).
vms/saevm/gastime/acp176_test.go	Removes #nosec suppressions in fuzz-related test code.
vms/saevm/blocks/blockstest/chain.go	Removes #nosec suppression in a test-helper package.
vms/platformvm/warp/message/register_l1_validator_test.go	Removes #nosec suppressions from test-only randomness.
vms/platformvm/warp/message/l1_validator_weight_test.go	Removes #nosec suppressions from test-only randomness.
vms/platformvm/validators/manager_benchmark_test.go	Removes #nosec suppression from benchmark randomness.
vms/platformvm/state/diff_test.go	Removes #nosec suppression from test-only randomness.
utils/sampler/rand_test.go	Removes #nosec suppression from deterministic RNG usage in tests/fuzz.
utils/bytes_test.go	Removes #nosec suppression from benchmark randomness.
utils/bloom/filter_test.go	Removes #nosec suppression from test-only randomness.
utils/bag/bag_benchmark_test.go	Removes #nosec suppression from benchmark RNG initialization.
tests/load/tests.go	Removes #nosec suppressions from deterministic RNG usage under tests/.
tests/fixture/e2e/env.go	Removes #nosec suppression from non-crypto RNG usage under tests/.
tests/fixture/bootstrapmonitor/e2e/e2e_test.go	Removes #nosec suppression from command execution in a test file.
ids/bits_test.go	Removes #nosec suppression from test-only randomness.
database/dbtest/dbtest.go	Removes #nosec suppressions from fuzz/test-helper randomness/reads.
database/dbtest/benchmark.go	Removes #nosec suppressions from benchmark random byte generation.
chains/atomic/atomictest/shared_memory.go	Removes #nosec suppressions in a test-helper package.
.gosec-golangci.yml	Excludes gosec from test paths for the dedicated saevm gosec lint run.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ARR4N]

Specifying each nosec clause in a test file is unnecessary.

I'm not so sure about this assertion.

If something's wrong, the test will probably fail! Most of the time, it's false positives anyway

The use of "probably" is what concerns me.

[alarso16]

My informal language may have been a detriment here. "Specifying each nosec clause in a test file is unnecessary" is not necessarily a matter of opinion, and certainly should be questioned. I would say the statement is false only if there is a test bug that could have been caught by the linter. So let's prove it!

First, I think we can all agree that non-cryptographic randomness is ok for tests. Therefore, no test bug would be caught by removing this portion of the linter.

The second case which is now being ignored is overflow errors. This is certainly more interesting. All of these are conversions between int64 and uint64 with the justification "the number won't be that high". For test constants (every case with a _test.go file), this is certainly the case - we control the inputs, so they are necessarily justified. In the *test packages, I could see an argument where we arbitrarily trust the test files to provide good input, and we shouldn't. We could remove this from the linter exclusion.

If you want to refute the claim that we can remove the gosec checks from testing, can you find an instance where the nosec in a test isn't trivial?