feat: fail Semgrep on internal errors (wrong ruleset or else)

| ----------------------- | -------------------------------------- | ----------------- |

| `semgrep-disabled` / `NODE_SEMGREP_DISABLED` | Set to `true` to disable this job | _none_ |

| `semgrep-image` / `NODE_SEMGREP_IMAGE`    | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` |

| `semgrep-args` / `NODE_SEMGREP_ARGS`     | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check` |

| `semgrep-args` / `NODE_SEMGREP_ARGS`     | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check --no-suppress-errors` |

| `semgrep-rules` / `NODE_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/javascript p/eslint p/gitlab-eslint` |

| `semgrep-download-rules-enabled` / `NODE_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules | `true` |

        {

          "name": "NODE_SEMGREP_ARGS",

          "description": "Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options)",

          "default": "--metrics off --disable-version-check"

          "default": "--metrics off --disable-version-check --no-suppress-errors"

        },

        {

          "name": "NODE_SEMGREP_RULES",

      default: false

    semgrep-args:

      description: Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options)

      default: --metrics off --disable-version-check

      default: --metrics off --disable-version-check --no-suppress-errors

    semgrep-rules:

      description: |-

        Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).