Include code in analysis but keep only Vulnerabilities and Security Hotspots?

SonarQube Community Edition - Version 9.6.1 (build 59531)

I have a code base with a legacy directory and a new shiny one (on-going migration using the strangler pattern).
On the legacy directory, I would like to ignore Code Smells and Bugs, as we are actively working to make them no longer relevant in the long term, but I would still be interested in the eventual security issues that are found.

I tried using filters to make my life easier but since directory search is not recursive, it did not help me
Is there any way to make this kind of config work?

You can adjust Quality Profiles to only include issues of a certain type – but I’m not sure what it achieves in this instance. Why exclude them entirely (and have no information), rather than (perhaps) configuring your Quality Gate to only focus on those issue types, or filtering on Issue type in the Issues page?

The thing is, I want to focus on the security issues only for a specific part of the codebase. I don’t see a way to do that through Quality Profiles / Gate