Thanks for flagging this.
Adding just "level": "note", as a field of rule definition is not SARIF format compliant AFAIK.
Could this be fixed and the "level": "note", mentioned at the results level be taken into account?
In any case, the documentation should be updated since it is not accurate to illustrate how to set the security level for the issues.
Thanks for your help!