JS: Update alerts in HardcodedCredentials test

Note that file is inside a folder named __tests__. The same code is found in another file outside the test folder, where it is flagged.

Author: asgerf

javascript/ql/test/query-tests/Security/CWE-798/__tests__/HardcodedCredentialsDemo.js

@@ -2,10 +2,10 @@
     const pg = require('pg');
 
     const client = new pg.Client({
-        user: 'dbuser',
+        user: 'dbuser', // $ Alert
         host: 'database.server.com',
         database: 'mydb',
-        password: 'hgfedcba',
+        password: 'hgfedcba', // $ Alert
         port: 3211,
     });
     client.connect();
@@ -15,17 +15,17 @@
     const JwtStrategy = require('passport-jwt').Strategy;
     const passport = require('passport')
 
-    var secretKey = "myHardCodedPrivateKey";
+    var secretKey = "myHardCodedPrivateKey"; // OK - JWT keys in tests are not flagged
 
     const opts = {}
-    opts.secretOrKey = secretKey; // $ Alert
+    opts.secretOrKey = secretKey;
     passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
         return done(null, false);
     }));
 
     passport.use(new JwtStrategy({
         secretOrKeyProvider: function (request, rawJwtToken, done) {
-            return done(null, secretKey) // $ Alert
+            return done(null, secretKey)
         }
     }, function (jwt_payload, done) {
         return done(null, false);