Change category uniqueness test

Turboscan only allows a single combination of tool name and automation
details id for testing category uniqueness.

Previously, the check in the action was not entirely correct since it
only looked at the _category_ and not the combination of the category
and the tool name.

It's even more precise now since it is looking at the actual, computed
value of the automation details id, rather than an inputted value of
the category.

This change also includes a refactoring where the action is now avoiding
multiple parsing/stringifying of the sarif files. Instead, sarif is
parsed once at the start of the process and stringified once, after
sarif processing is completely finished.

src/util.ts

@@ -35,6 +35,38 @@ export const DEFAULT_DEBUG_ARTIFACT_NAME = "debug-artifacts";
  */
 export const DEFAULT_DEBUG_DATABASE_NAME = "db";
 
+export interface SarifFile {
+  version?: string | null;
+  runs: Array<{
+    tool?: {
+      driver?: {
+        name?: string;
+      };
+    };
+    automationDetails?: {
+      id?: string;
+    };
+    artifacts?: string[];
+    results?: SarifResult[];
+  }>;
+}
+
+export interface SarifResult {
+  locations: Array<{
+    physicalLocation: {
+      artifactLocation: {
+        uri: string;
+      };
+      region?: {
+        startLine?: number;
+      };
+    };
+  }>;
+  partialFingerprints: {
+    primaryLocationLineHash?: string;
+  };
+}
+
 /**
  * Get the extra options for the codeql commands.
  */
@@ -59,8 +91,7 @@ export function getExtraOptionsEnvParam(): object {
  *
  * Returns an array of unique string tool names.
  */
-export function getToolNames(sarifContents: string): string[] {
-  const sarif = JSON.parse(sarifContents);
+export function getToolNames(sarif: SarifFile): string[] {
   const toolNames = {};
 
   for (const run of sarif.runs || []) {