Backport OpenStruct fix to version shipped in Ruby 3.1

[dobrite]

Problem Statement

The OpenStruct implementation differs between Ruby 2.7 and 3.1. The
latter comes with OpenStruct 0.5.2. That version has a bug that was
fixed in version 0.5.4.

The TL;DR of the impact of that bug in this repo is that brakeman
includes JSON with an attribute named class. This shadows the normal
class method and causes self.class.ancestors to blow up. The fix
uses the aliased class! method to do the Right Thing™.

Here is a failing Publishing run. We're on Ruby 3.1.

Here is a snippet illustrating the error:

[13] pry(main)> JSON.parse("{ \"class\": \"s\", \"method\": null }", { object_class: OpenStruct })

NoMethodError: undefined method `ancestors' for "s":String

        self.class.ancestors.any? do |mod|
                  ^^^^^^^^^^
from /Users/dave/.rbenv/versions/3.1.2/lib/ruby/3.1.0/ostruct.rb:249:in `is_method_protected!'

Fix

Backport the fix to broken versions of ostruct. Tested in publishing SAT.

[wassimk]

Pioneering Ruby 3.1 🎉 !

This looks like a great solution to me. We can remove it when everyone is on Ruby 3.1.

[dobrite]

@wassimk This isn't working as-is. I'll rework and then ping you again. Sorry for the bother!

[dobrite]

@wassimk I reworked this to back port the patch to the broken version.

The prior attempt of installing a later version of ostruct did not work because ostruct is a "default" gem and so one cannot "activate" a newer version.

This fix can get reverted once all repos that use balto-brakeman are updated to a version of Ruby with a fixed version of ostruct. Best guess is that will require Ruby 3.2 and above. So, this might need to be in here for a while.

[dobrite]

Fix balto-brakeman to fix check failures on Github PRs

[wassimk]

Thank you for fixing this for everyone else too. 👏🏼

[dobrite]

@molawson I tagged you for a second review because I saw you in the commit history too 😅