Update packages used by repo

[zivkan]

Bug

Fixes: https://github.com/NuGet/Client.Engineering/issues/2946

Description

• Enable auditSources for repo
• make NuGetAudit warnings not errors
• did restore with -p:NuGetAuditMode=all because that's going to be the default when this version of NuGet ships, and fix all warnings

The new version of xunit has some changed behaviour, ITestOutputHelper is per-test, and if it's used after the test it was created for has finished, it throws. PackageManagerTests has tests that would set NuGet's static telemetry object, but not clear it, so I split those telemetry tests into a different class, and set that class to use a collection with parallelism disabled, which makes the tests run after all parallelisable tests have finished. I have an idea for how to improve our test infrastructure to eliminate this risk happening in other test projects, but I'll implement it in another PR.

While at it, I also split the file into a bunch of smaller files, so more of those tests can be run in parallel. Now, dotnet test on my machine for this test project finishes after 1m 48s, compared to 2m 54s (and I found a test that was declared wrong, so I fixed that and now we have 2 more tests running, all in less time).

PR Checklist

• Meaningful title, helpful description and a linked NuGet/Home issue
• Added tests N/A
• Link to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc. N/A

[nkolev92]

It can be laborious to audit transitives for projects that don't ship as packages or aren't executables themselves.

We can consider limiting things to the NuGet.Core assemblies + NuGet.VisualStudio.Client, NuGet.VisualStudio, NuGet.VisualStudio.Contracts.

[nkolev92]

Nicely done.

Excited we're using audit sources!