Fix IDOR check bypassed when placeholder can't be resolved #937

Merged

hansott merged 5 commits into main from idor-bug-sqlite on Feb 17, 2026

Conversation


@hansott hansott commented Feb 17, 2026

When resolvePlaceholder returned undefined (e.g. better-sqlite3 params passed as individual args instead of an array), the tenant value comparison was silently skipped. Now unresolvable placeholders produce an explicit error. Also fixes BetterSQLite3 param extraction to handle both .all([v1, v2]) and .all(v1, v2).

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 2 Resolved Issues: 0

⚡ Enhancements

  • Added named and positional placeholder resolution in BetterSQLite3 resolver
  • Improved Postgres placeholder parsing to match exact $n tokens
  • Added is_placeholder flag to IDOR analysis types and checks
  • Added Object.hasOwn typings to prevent prototype pollution issues

🐛 Bugfixes

  • Fixed IDOR check bypass when placeholders couldn't be resolved
  • Fixed BetterSQLite3 parameter extraction for array and individual arguments

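An added illustration of the fixed behaviour described above (example code, not Aikido's own resolver): `extractParams` accepts the `.all([v1, v2])`, `.all(v1, v2)` and named-object call shapes, `resolvePlaceholders` throws on any placeholder it cannot bind instead of returning undefined, and `isTenantScoped` therefore fails closed. The function names, the `tenantColumn = placeholder` pattern and the simplified placeholder regex (no string literals containing `?`) are assumptions of this example.

```javascript
// Added illustration (not Aikido's code); assumes no '?' inside SQL string literals.
const PLACEHOLDER = /\?|[@:$]([A-Za-z_][A-Za-z0-9_]*)/g;

function extractParams(args) {
  if (args.length === 1 && Array.isArray(args[0])) return args[0]; // .all([v1, v2])
  if (args.length === 1 && args[0] !== null && typeof args[0] === 'object') return args[0]; // named
  return Array.from(args); // .all(v1, v2)
}

// Every placeholder in `sql` is bound or an error is thrown; nothing is skipped.
function resolvePlaceholders(sql, params) {
  const resolved = [];
  let positional = 0;
  for (const m of sql.matchAll(PLACEHOLDER)) {
    const [token, name] = m;
    let value;
    if (name === undefined) {
      if (!Array.isArray(params) || positional >= params.length) throw new Error(`unresolvable positional placeholder #${positional + 1} in: ${sql}`);
      value = params[positional++];
    } else {
      // Object.hasOwn: an inherited (polluted) property never counts as a binding
      if (Array.isArray(params) || !Object.hasOwn(params, name)) throw new Error(`unresolvable named placeholder ${token} in: ${sql}`);
      value = params[name];
    }
    resolved.push({ token, value, index: m.index });
  }
  return resolved;
}

// Values bound to `<tenantColumn> = <placeholder>` comparisons in the statement.
function tenantValuesIn(sql, args, tenantColumn) {
  const resolved = resolvePlaceholders(sql, extractParams(args));
  const cmp = new RegExp(`\\b${tenantColumn}\\s*=\\s*(\\?|[@:$]\\w+)`, 'gi');
  const values = [];
  for (const m of sql.matchAll(cmp)) {
    const at = m.index + m[0].length - m[1].length; // offset of the placeholder token
    const entry = resolved.find((r) => r.index === at);
    if (!entry) throw new Error(`unresolvable placeholder ${m[1]} in: ${sql}`);
    values.push(entry.value);
  }
  return values;
}

// Fail closed: true only when every tenant comparison binds the caller's own tenant.
function isTenantScoped(sql, args, tenantColumn, expectedTenant) {
  const values = tenantValuesIn(sql, args, tenantColumn);
  return values.length > 0 && values.every((v) => v === expectedTenant);
}
```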

codecov bot commented Feb 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@hansott hansott merged commit 72b8625 into main Feb 17, 2026
55 of 56 checks passed
@hansott hansott deleted the idor-bug-sqlite branch February 17, 2026 19:54