Adds testFixturesApi and testFixturesImplementation to gradle test co…

[meghfossa]

Overview

With this change, fossa-cli considers,

• testFixturesApi
• testFixturesImplementation

to test environment configuration, and as such, they are by default excluded from fossa analysis reporting.

Acceptance criteria

• When fossa analyze is ran on Gradle project, dependencies originating from testFixturesApi configuration are not included in final dependency graph
• When fossa analyze is ran on Gradle project, dependencies originating from testFixturesImplementation configuration are not included in final dependency graph

Testing plan

1. Get Gradle project (refer to Gradle official sample)
2. Add the following to build.gradle

    // API dependencies are visible to consumers when building
    testFixturesApi 'org.apache.commons:commons-lang3:3.9'

    // Implementation dependencies are not leaked to consumers when building
    testFixturesImplementation 'org.apache.commons:commons-text:1.6'

3. make install-dev
4. fossa-dev analyze -o | jq (in the sourceUnit, you should not see org.apache.commons:commons-text:1.6 or org.apache.commons:commons-lang3:3.9

Risks

Per https://docs.gradle.org/current/userguide/java_testing.html#sec:java_test_fixtures, this is test configuration. This seems to be low risk.

References

#919

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense).
• If this PR introduced a user-visible change, I added documentation into docs/.
• If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
• If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).

[skilly-lily]

LGTM I think this is completely safe.