cleanup: known test fault, codeql

[loriab]

Description

• there's a highly symmetric system that different versions of nwchem return a different root for. I've kept it at the one our CI uses, but others (7 tests fail #377) have hit it. so let's allow it.
• fix a couple codeql complaints to see what that looks like.

Status

• Code base linted
• Ready to go

[codecov]

Codecov Report

Merging #423 (cb02e8d) into master (5935117) will decrease coverage by 0.05%.
The diff coverage is 53.84%.

Additional details and impacted files

[WardLT]

LGTM.

Is the ".pop" the thing CodeQL complained about? Any idea what the problem with the one-line version is?

[loriab]

Is the ".pop" the thing CodeQL complained about? Any idea what the problem with the one-line version is?

Yeah, CodeQL didn't like the unused res in res = qcng.compute(resi, program, raise_error=True, return_dict=True). And it didn't like that there were side-effects (pop) in a statement that could be optimized out (assert) in assert ret.extras.pop("psiapi_evaluated", False). Those two I at least understand, but many of CodeQL's complaints are like this https://github.com/MolSSI/QCEngine/security/code-scanning/156 where I've clearly made a copy before altering input parameters, so if anyone understands the trouble or a solution, I'd be glad to hear of it.