tests: Explicitly wrap an XML call in libxml_disable_entity_loader()

As per https://www.php.net/manual/en/function.libxml-disable-entity-loader.php
this is technically unnecessary.

>However, as of libxml 2.9.0 entity substitution is disabled by default,
>so there is no need to disable the loading of external entities.

See also php/php-src#5867

>Since the release of libxml 2.9.0 in 2012 external entity loading is
>disabled in libxml by default. This means that using
>libxml_disable_entity_loader() is no longer needed.

Hopefully helps prevent false positive reports from security scanning tools.

Change-Id: I7cabc5b8d44813d709a11db2f219ae16260542c7

Author: reedy

tests/phan/bin/postprocess-phan.php

@@ -66,7 +66,10 @@ class CheckStyleSuppressor extends Suppressor {
 	 */
 	public function suppress( $input ) {
 		$dom = new DOMDocument();
+
+		$oldDisable = libxml_disable_entity_loader( true );
 		$dom->loadXML( $input );
+
 		$hasErrors = false;
 		// DOMNodeList's are "live", convert to an array so it works as expected
 		$files = [];
@@ -95,6 +98,7 @@ public function suppress( $input ) {
 			}
 		}
 		echo $dom->saveXML();
+		libxml_disable_entity_loader( $oldDisable );
 
 		return $hasErrors;
 	}