Binskim results for ASPNetCore contain duplicated issues #2817

Closed
andriipatsula opened this issue Aug 9, 2023 · 3 comments
@andriipatsula
Member

Binskim cannot find symbols for two libraries:
• mscordaccore_amd64_amd64_#version#.dll
• mscordaccore_x86_x86_#version#.dll

As a result, TSA reports duplicated work-items, because the dll contains the version in its name:

AspNetCoreRuntime.8.0.x64.8.0.0-rc-1-23375-5.nupkg\content\shared\Microsoft.NETCore.App\8.0.0-rc.1.23375.1\mscordaccore_amd64_amd64_8.0.23.37501.dll

Four ideas were proposed:

  1. We could exempt dlls with versions included from scanning (presuming the dll in its short form name is present and scanned as well). This seems to have two drawbacks:
    a. I’m not sure if that would be possible from the compliance perspective
    b. We might miss assets with versions included in their names that wouldn’t be part of this schema
  2. Upload the long form name PDBs to the symbols server so they are found (presuming this helps with finding the pdbs)
  3. Do some custom workaround (like rename the dlls) so their pdbs are found (which seems hacky and introduces special-case complexity, so I’d like to avoid it if possible)
  4. Keep the reports as they are, with duplication

PR for the 2nd idea: dotnet/runtime#90109

@andriipatsula
Member Author

I had a conversation with the Guardian support team.
I prepared a PR which trims the version from the TargetPath, so as a result the version won't affect scan results:
PR: https://dev.azure.com/dnceng/internal/_git/dotnet-release/pullrequest/33204

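A stand-alone illustration of the approach taken in that PR, added here as an example and not code from dotnet-release, BinSkim or TSA: strip the build-version suffix from the file name before using the target path as the work-item identity, so the same finding keys identically across builds. The rule label and the second-build paths are constructed, and it is an assumption that the work-item key is rule plus target.

```python
from __future__ import annotations

import re
from collections import defaultdict
from typing import Iterable

# Build-specific version suffix in names such as mscordaccore_amd64_amd64_8.0.23.37501.dll:
# an underscore, then three or more dot-separated numeric parts, immediately before ".dll".
_VERSION_SUFFIX = re.compile(r"_\d+(?:\.\d+){2,}(?=\.dll$)", re.IGNORECASE)


def normalize_file_name(target_path: str) -> str:
    """File name from a Windows or POSIX TargetPath with any version suffix removed."""
    file_name = re.split(r"[\\/]", target_path)[-1]
    return _VERSION_SUFFIX.sub("", file_name)


def work_item_key(rule: str, target_path: str) -> tuple[str, str]:
    """Stable identity for a finding: rule id plus version-stripped file name.
    Assumption: the tracker keys on rule + target; the real key fields are not on the page."""
    return rule, normalize_file_name(target_path)


def dedupe(results: Iterable[dict]) -> dict[tuple[str, str], list[str]]:
    """Group findings by stable key; each value lists the builds that reported it."""
    groups: dict[tuple[str, str], list[str]] = defaultdict(list)
    for r in results:
        groups[work_item_key(r["rule"], r["target"])].append(r["build"])
    return dict(groups)


# Constructed sample: the same missing-symbols finding reported by two consecutive builds
# (first path is the one from the issue; the others are made up for the next build).
SAMPLE_RESULTS = [
    {"build": "23375.1", "rule": "MISSING_SYMBOLS",  # constructed label, not a BinSkim rule id
     "target": r"AspNetCoreRuntime.8.0.x64.8.0.0-rc-1-23375-5.nupkg\content\shared\Microsoft.NETCore.App\8.0.0-rc.1.23375.1\mscordaccore_amd64_amd64_8.0.23.37501.dll"},
    {"build": "23376.1", "rule": "MISSING_SYMBOLS",
     "target": r"AspNetCoreRuntime.8.0.x64.8.0.0-rc-1-23376-5.nupkg\content\shared\Microsoft.NETCore.App\8.0.0-rc.1.23376.1\mscordaccore_amd64_amd64_8.0.23.37601.dll"},
    {"build": "23376.1", "rule": "MISSING_SYMBOLS",
     "target": r"AspNetCoreRuntime.8.0.x86.8.0.0-rc-1-23376-5.nupkg\content\shared\Microsoft.NETCore.App\8.0.0-rc.1.23376.1\mscordaccore_x86_x86_8.0.23.37601.dll"},
]

if __name__ == "__main__":
    for key, builds in dedupe(SAMPLE_RESULTS).items():
        print(key, "seen in builds", builds)
```

Without the normalization the first two records would produce two separate work-items; with it they collapse into one key seen in both builds, while the x86 binary stays a distinct finding.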
@andriipatsula
Member Author

Examined the latest results, and they appear good, with no instances of duplicated work-items. Communicated with the ASPNetCore team.
