format: make #nosec explicitly a comment directive

https://github.com/securego/gosec#annotating-code

Incidentally, #nosec was already mostly treated as a comment directive
due to another check done after the regex match. This just makes it
explicit and adds related test cases.

Some versions of gosec also support the //gosec:disable directive,
but that's quite well hidden in docs compared to //#nosec.

Author: scop

format/format.go

@@ -318,6 +318,7 @@ func (f *fumpter) lineEnd(line int) token.Pos {
 //	//line         | inserted line information for cmd/compile
 //	//noinspection | noinspection directive for GoLand and friends
 //	//nolint       | nolint directive for golangci
+//	//#nosec       | #nosec directive for gosec
 //	//NOSONAR      | NOSONAR directive for SonarQube
 //	//sys(nb)?     | syscall function wrapper prototypes
 //
@@ -330,6 +331,7 @@ var rxCommentDirective = regexp.MustCompile(
 		`|extern` +
 		`|line` +
 		`|no(?:inspection|lint)` +
+		`|#nosec` +
 		`|NOSONAR` +
 		`|sys(?:nb)?` +
 		`)\b`)

testdata/script/comment-spaced.txtar

@@ -32,6 +32,10 @@ package p
 
 //noinspection foo,bar
 
+//#nosec
+
+//#nosec G000 G999 -- explanation
+
 //not actually: a directive
 
 //https://just.one/url
@@ -99,6 +103,10 @@ package p
 
 //noinspection foo,bar
 
+//#nosec
+
+//#nosec G000 G999 -- explanation
+
 // not actually: a directive
 
 // https://just.one/url