chore: suppress non-applicable advisories in backported-patches.json

[azmkercso]

Register non-applicable security advisories from the May 18 security scan in backported-patches.json so the scan stops flagging them.

Changes

• Update patches/backported-patches.json — add entries with note field for advisories where the vulnerable code path does not exist in Code-OSS 1.101.2
• Add @backported and @finding-id metadata to existing fix-terminal-autoreplies.diff header

Testing

• prepare-src.sh applies all patches cleanly
• No code changes — metadata only

[azmkercso]

Issue

V2213552988

Description of Changes

Register non-applicable security advisories in backported-patches.json so the nightly security scan stops flagging them. The vulnerable code paths (MCP deeplink UI, Copilot applyPatchTool) do not exist in Code-OSS 1.101.2. Also adds @backported/@finding-id metadata to the existing fix-terminal-autoreplies.diff header.

Testing

• prepare-src.sh applies all patches cleanly
• Metadata-only change — no code modifications

Screenshots/Videos

N/A

Additional Notes

Sibling PRs: #224 (main), #222 (1.1)

Backporting

The actual code fix is applied on main (PR #224) and 1.1 (PR #222). This branch only needs metadata since the vulnerable code does not exist here.

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.