Declare Microsoft.Diagnostics.Tracing references as PrivateAssets

[markusroessler]

The following package references greatly increase the final nuget package size (e.g. ~5 MB when packaging as a dotnet tool)

https://github.com/microsoft/sarif-sdk/blob/3a5a3d93a7e71c96851925eb0157216b276a3768/src/Sarif/Sarif.csproj

<PackageReference Include="Microsoft.Diagnostics.Tracing.EventRegister" Version="1.1.28" Condition="$(OS) == 'Windows_NT'" />
<PackageReference Include="Microsoft.Diagnostics.Tracing.TraceEvent" Version="3.1.3" />

Would it be possible to declare these references as PrivateAssets? I just did this in my project and didn't experience any compile or runtime errors:

<!-- Sarif.Sdk with excludes to reduce package size -->
  <ItemGroup>
    <PackageReference Include="Sarif.Sdk" Version="4.4.0" />
    <PackageReference Include="Microsoft.Diagnostics.Tracing.EventRegister" Version="1.1.28" ExcludeAssets="all" PrivateAssets="all" />
    <PackageReference Include="Microsoft.Diagnostics.Tracing.TraceEvent" Version="3.1.7" ExcludeAssets="all" PrivateAssets="all" />
  </ItemGroup>

[KalleOlaviNiemitalo]

Microsoft.Diagnostics.Tracing.TraceEvent is required at run time by sarif validate --etw, so it must be included in the tool package. I suppose it would be possible to reimplement this logging feature without ETW, though; perhaps by using EventListener instead. Such a change would also prevent sarif tool processes from logging each other's events if users run multiple such processes in parallel.

Microsoft.Diagnostics.Tracing.EventRegister is not needed at run time, but the files in it (eventRegister.exe, _EventRegisterUsersGuide.docx) are not included in the sarif tool package anyway, and it has no dependencies either.