osemgrep: cleanup cli_ci.ml, do not allow semgrep ci --config (semgre…

…p#9889)

Do not support also logged out semgrep ci, which simplifies
the code.

Long term we should not allow it in pysemgrep either, so better
to already cleanup the code in osemgrep.

test plan:
make

src/osemgrep/cli_ci/Ci_CLI.ml

@@ -21,6 +21,7 @@ module H = Cmdliner_
  * them to the minimum; if you want flexibility, use semgrep scan,
  * otherwise semgrep ci should be minimalist and take no
  * args at all in most cases.
+ *
  * We probably still want though conf_runner flags like:
  *  - --max-memory, -j, --timeout (even though iago want to remove it)
  *  - the pro-engine flags --pro, --oss-only, etc (even though again
@@ -29,6 +30,9 @@ module H = Cmdliner_
  *  - --include, --exclude
  *  - maybe also --output? (even though I don't understand why people
  *    just don't simply use shell redirection)
+ *
+ * Note though that now osemgrep is called first by cli/bin/semgrep, so
+ * we must accept here all flags and then fallback to pysemgrep.
  *)
 type conf = {
   (* TODO? is this still used? *)
@@ -37,7 +41,10 @@ type conf = {
   suppress_errors : bool;
   (* --code/--sca/--secrets/ *)
   products : OutJ.product list;
-  (* 'semgrep ci' shares most of its flags with 'semgrep scan' *)
+  (* BIG ONE: 'semgrep ci' shares most of its flags with 'semgrep scan'
+   * TODO: we should reduce it actually, maybe just accept the core_runner
+   * opti flags.
+   *)
   scan_conf : Scan_CLI.conf;
 }
 [@@deriving show]

src/osemgrep/cli_ci/Ci_CLI.mli

@@ -12,6 +12,7 @@ type conf = {
   suppress_errors : bool;
   (* --code/--sca/--secrets/ *)
   products : Semgrep_output_v1_t.product list;
+  (* BIG ONE: 'semgrep ci' shares many flags with 'semgrep scan' *)
   scan_conf : Scan_CLI.conf;
 }
 [@@deriving show]