BA2004 - Evaluate if exclude "CLI attribute types (compiler internal)" about binskim HOT 3 OPEN

If this PR would resolve an error like the following, then I would definitely appreciate such a change:

error BA2004: 'file.dll' is a native binary that directly compiles and links one or more object files which were hashed using an insecure checksum algorithm (MD5). MD5 is subject to collision attacks and its use can compromise supply chain integrity. Pass '/ZH:SHA_256' on the cl.exe command-line to enable secure source code hashing. The following modules are out of policy: Microsoft (R) Optimizing Compiler : cxx : 19.37.32824.0 : [directly linked] (.NETFramework,Version=v4.8.AssemblyAttributes.obj)

from binskim.

@michaelcfanning let me know your thoughts.

from binskim.

I'm produced the error with both Microsoft Visual Studio Professional 2022 (64-bit) / 17.6.3 and with 17.7.6. Also updated to latest MSVC v143/v14.37.-17.7. Even with these updates, binskim is reporting the BA2004 error.

The .vcxproj is building a C++/CLI DLL. Visual Studio and project are generating the .NETFramework,Version=v4.8.AssemblyAttributes.cpp file in the obj directory, where the .NETFramework,Version=v4.8.AssemblyAttributes.obj also appears.

file.dll: error BA2004: 'file.dll' is a native binary that directly compiles and links one or more object files which were hashed using an insecure checksum algorithm (MD5). MD5 is subject to collision attacks and its use can compromise supply chain integrity. Pass '/ZH:SHA_256' on the cl.exe command-line to enable secure source code hashing. The following modules are out of policy:
Microsoft (R) Optimizing Compiler : cxx : 19.37.32825.0 : [directly linked] (.NETFramework,Version=v4.8.AssemblyAttributes.obj)

from binskim.