Remove the tooling directory from custom SAST scan
What does this MR do and why?
The custom SAST rules don't need to scan dev-only code so this MR removes the tooling
directory from the scan.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
N/A
How to set up and validate locally
Pipelines-only change