BUG: .Net pinned dependency should support Central Package Management

[balteravishay]

Describe the bug In the .NET ecosystem all packages that are uploaded to NuGet.org are digitally signed with a x.509 certificate, and NuGet checks the validity of these signatures (and their certificate lineage) as part of the NuGet Restore action.

The current implementation of .Net pinned dependency only checks for using lock file mechanism, but instead it should check if either a lock file mechanism is used as implemented and described here, OR if the Central Package Management feature had been enabled together with pinning to specific versions of dependencies.

Reproduction steps Steps to reproduce the behavior:

1. The pinned dependency check for .net repositories should return the dependencies as pinned in cases where CPM feature is enabled and the versions of dependencies are pinned to specific versions.
2. for example: go run main.go --repo Noggog/CSharpExt --checks Pinned-Dependencies --format json --show-details | jq

Expected behavior .net repositories can pin dependencies with an exact version by using Central Package Management or utilize lock files. for the example above (Noggog/CSharpExt), it is expected that 2 out of 2 nugetCommand dependencies will be pinned.

[Apetree100122]

this overrides

<PropertyGroup> 
<ManagePackageVersionsCentrally>false
</ManagePackageVersionsCentrally>
</PropertyGroup>

this enables

<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <PackageVersion Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>
</Project>

< There are 3 package sources defined in <your configuration. When using central package management, < please map your package sources with package source mapping < (https://aka.ms/nuget-package-source-mapping) or specify a single package source.