explicitly override TreatWarningsAsErrors to false during discovery

[brettfo]

If all of the following are true:

• The repo doesn't have a NuGet.Config file (or it does but doesn't specify the <clear /> directive)
• The repo is using Central Package Management (i.e., Directory.Packages.props)
• The project sets $(TreatWarningsAsErrors) to true
• The dependabot.yml file lists custom NuGet feeds

...then dependency discovery can fail because the updater generates a NuGet.Config file before the updater is run that contains all of the feeds listed in dependabot.yml as well as api.nuget.org and if there are multiple remote feeds used with CPM, a warning NU1507 is generated indicating that no packageSourceMapping elements were specified in NuGet.Config. $(TreatWarningsAsErrors) then kicks in and prevents dependency discovery from happening.

Dependency discovery needs to succeed so we inject the command line argument /p:TreatWarningsAsErrors=false to override any property that might be set in the project file or imported .props or .targets so the NU1507 warning doesn't cause a failure. Note, properties specified on the command line always override even explicitly set properties in the project or imported files.

Side note on why api.nuget.org is added to the generated NuGet.Config that leads to this issue:

The default feed of api.nuget.org is explicitly added because if the repo doesn't contain a NuGet.Config file (or if it does and it doesn't specify the <clear /> directive) then they're already opting in to the default feed behavior which means api.nuget.org. It's possible that a developer's local machine manually removed api.nuget.org from the user-level file, but there is no way dependabot can know about that scenario and having the fallback to api.nuget.org is the default.

[brettfo]

We commonly need to create test-only HTTP NuGet feeds. In the case where the feed is expected to be well-behaved, this helper makes it a one-line addition to a test.