tsec is a TypeScript compiler wrapper for restricting use of
security-sensitive DOM APIs, in particular those that could lead to XSS
or Trusted Types violations. Add it as a linter to aio to prevent future
Trusted Types regressions on angular.io.
Also introduces security_exemptions.json, which lists the known,
security-reviewed tsec security violations. New entries can only be
added to this file after a security review, in particular making sure
that the corresponding code does not cause XSS vulnerabilities or
Trusted Types violations.
PR Close#42800
Also introduce a dependency on the Trusted Types type definitions and a
Trusted Types polyfill, safevalues. Create a security module for common,
security-reviewed transformations into Trusted Types.
PR Close#42800
This is mainly to avoid some warning when building the app, such as:
```
WARNING in .../angular/aio/src/environments/environment.archive.ts is
part of the TypeScript compilation but it's unused.
Add only entry points to the 'files' or 'include' properties in your
tsconfig.
```
(Not turning on `fullTemplateTypeCheck` due to lots of errors.)
PR Close#32923
This commit also changes the config files and their layout to
(reasonably closely) match what the cli would generate for a new app.
Related Jira issue: [TOOL-815](https://angular-team.atlassian.net/browse/TOOL-815)
PR Close#29926
