C#: Add test case for authorization attribute that extends Authorize.

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/MissingAccessControl.expected

@@ -1 +1,5 @@
-| ProfileController.cs:10:25:10:31 | Delete1 | This action is missing an authorization check. |
+#select
+| ProfileController.cs:12:25:12:31 | Delete1 | This action is missing an authorization check. |
+| ProfileController.cs:39:25:39:31 | Delete4 | This action is missing an authorization check. |
+testFailures
+| ProfileController.cs:39:25:39:31 | This action is missing an authorization check. | Unexpected result: Alert |

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs

@@ -1,6 +1,8 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 
+public class RequirePermissionAttribute : AuthorizeAttribute { }
+
 public class ProfileController : Controller
 {
     private void doThings() { }
@@ -32,6 +34,13 @@ public class ProfileController : Controller
         return View();
     }
 
+    // GOOD: The RequirePermission attribute is used (which extends AuthorizeAttribute).
+    [RequirePermission]
+    public ActionResult Delete4(int id)
+    {
+        doThings();
+        return View();
+    }
 }
 
 [Authorize]