Suppress a false positive CodeQL alarm

Author: rayluo

tests/test_e2e.py

@@ -1333,6 +1333,9 @@ def test_at_pop_calling_pattern(self):
                 nonce=self._extract_pop_nonce(resp.headers.get("WWW-Authenticate")),
                 ),
             ))
+        # The api_endpoint is for test only and has no proper SSL certificate,
+        # so we suppress the CodeQL warning for disabling SSL certificate checks
+        # @suppress py/bandit/requests-ssl-verify-disabled
         resp = requests.get(api_endpoint, verify=False, headers={
             "Authorization": "pop {}".format(result["access_token"]),
             })