Improve S6781: Add an alternative message for config users #9677
Labels
Area: C# (C# rules related issues)
Area: Security (related to Vulnerability and Security Hotspot rules)
Sprint: Hardening (fix FPs/FNs/improvements)
Why
This rule was implemented via #8996.
The current message is "JWT secret keys should not be disclosed." When users hardcode their secrets in configuration files, there is a chance that these configuration files are not stored in the version control system, and we have no way to tell whether they are.
This is a source of false positives, and AppSec is aware of it.
Still, users could be confused by this message. The goal of this ticket is to improve the user experience by making the message less categorical.
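The situation the message is about, as an added C# illustration that is not part of this issue or of the sonar-dotnet project: a JWT signing key hardcoded in appsettings.json (the pattern the rule reports) beside the same key supplied at runtime, where nothing secret ends up in a file that could be committed. The configuration path Jwt:Key, the environment variable name JWT__KEY and the sample settings file are assumptions chosen for this example; the code uses the public Microsoft.Extensions.Configuration and Microsoft.IdentityModel.Tokens APIs.

```csharp
// Added example, not code from the issue or from the analyzer.
// Requires the NuGet packages Microsoft.Extensions.Configuration.Json,
// Microsoft.Extensions.Configuration.EnvironmentVariables and
// Microsoft.IdentityModel.Tokens.
using System;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public static class JwtKeyLoader
{
    // What the rule reports: the secret is a literal in a config file.
    // Constructed appsettings.json for this example:
    //   { "Jwt": { "Key": "hardcoded-development-secret-never-ship-this-value" } }
    // The analyzer cannot know whether this file is tracked by git or
    // excluded through .gitignore, which is the source of the false positives.
    public static SymmetricSecurityKey LoadFromAppSettings(string basePath)
    {
        IConfiguration config = new ConfigurationBuilder()
            .SetBasePath(basePath)
            .AddJsonFile("appsettings.json", optional: false)
            .Build();

        return ToKey(config["Jwt:Key"]);
    }

    // Alternative that keeps the secret out of every file in the repository:
    // appsettings.json carries only non-secret settings, and the key arrives
    // from the process environment (JWT__KEY maps to "Jwt:Key", assumed name)
    // or from a secret store bound into the same IConfiguration.
    public static SymmetricSecurityKey LoadFromEnvironment(string basePath)
    {
        IConfiguration config = new ConfigurationBuilder()
            .SetBasePath(basePath)
            .AddJsonFile("appsettings.json", optional: true)
            .AddEnvironmentVariables()
            .Build();

        return ToKey(config["Jwt:Key"]);
    }

    // Shared validation: refuse a missing key and, since HS256 needs 256 bits of
    // key material, refuse anything shorter than 32 bytes instead of silently
    // signing tokens with a weak key.
    private static SymmetricSecurityKey ToKey(string? key)
    {
        if (string.IsNullOrEmpty(key))
        {
            throw new InvalidOperationException(
                "Jwt:Key is not configured; set JWT__KEY or bind a secret store.");
        }

        byte[] keyBytes = Encoding.UTF8.GetBytes(key);
        if (keyBytes.Length < 32)
        {
            throw new InvalidOperationException(
                "Jwt:Key must be at least 32 bytes for HS256.");
        }

        return new SymmetricSecurityKey(keyBytes);
    }
}

public static class Program
{
    public static void Main()
    {
        // Runtime-supplied key; JWT__KEY is assumed to be set by the operator.
        SymmetricSecurityKey key = JwtKeyLoader.LoadFromEnvironment(AppContext.BaseDirectory);
        Console.WriteLine($"Loaded a {key.KeySize}-bit JWT signing key from the environment.");
    }
}
```

To check the point the message cannot decide for you, ask git whether the file is actually tracked: `git ls-files --error-unmatch appsettings.json` exits non-zero when it is not. For local development the key can be kept in the .NET user-secrets store (`dotnet user-secrets set "Jwt:Key" "<value>"`, which AddUserSecrets() then exposes under the same Jwt:Key path), so the committed appsettings.json never needs to contain it.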
How
In cases where the secret is defined in configuration files, specified in #8996 as:
Please change the raised message to what’s specified in https://github.com/SonarSource/rspec/pull/4362/files.