
Add prototype pollution detection for __proto__ usage #487

@fraxken

Description

Building on the recently added monkey-patch warning, we should add detection for potential prototype pollution vulnerabilities.

While static analysis can't reliably detect all input-based prototype pollution issues, we can warn users when dangerous patterns are detected in the codebase, such as direct usage of the __proto__ literal.

Proposed approach:

Add a warning when the analyzer detects:

  • Direct property access using __proto__ (e.g., obj.__proto__)
  • String literal "__proto__" used as a property key
  • Dynamic property assignment that could enable prototype pollution

Examples:

// Should trigger warning
const obj = {};
obj.__proto__.polluted = true;

// Should trigger warning
const key = "__proto__";
userInput[key] = maliciousValue;

// Should trigger warning
Object.assign({}, JSON.parse(userInput));

Expected behavior:

The tool should emit a prototype-pollution warning alerting developers to review these patterns for potential security implications.
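As an added illustration of the warning rule proposed above (this is not part of the issue and not js-x-ray's own implementation, which walks an AST rather than scanning lines), the following scanner flags the three pattern categories from the proposal plus the `Object.assign(..., JSON.parse(...))` merge shown in the examples, and attaches a remediation hint to each hit. The rule ids, the `scanSource`/`formatWarnings` functions, the `RULES` table and the `SAMPLE` source are assumptions made for this example; the regex form is a deliberate simplification of what a real analyzer would do on an AST.

```javascript
// Added example (not js-x-ray's own code): a line-based scanner for the
// __proto__ patterns described in the issue. Rule ids, function names and the
// sample source are constructed for this example.
"use strict";

const RULES = [
  {
    id: "proto-member-access",
    // obj.__proto__ / obj?.__proto__ / obj . __proto__
    regex: /\??\.\s*__proto__\b/,
    advice: "use Object.getPrototypeOf()/Object.setPrototypeOf() and avoid mutating prototypes at runtime",
  },
  {
    id: "proto-string-literal",
    // the key spelled out as a string literal, e.g. obj["__proto__"] or const k = "__proto__"
    regex: /(["'`])__proto__\1/,
    advice: "reject '__proto__', 'constructor' and 'prototype' before using a string as a property key",
  },
  {
    id: "dynamic-property-assignment",
    // target[identifier] = ...  (computed key held in a variable); excludes == and ===
    regex: /[\w$\])]\s*\[\s*[A-Za-z_$][\w$]*\s*\]\s*=(?!=)/,
    advice: "validate computed keys against an allow-list or write into an Object.create(null) map",
  },
  {
    id: "merge-of-parsed-input",
    // Object.assign(..., JSON.parse(...)): merging freshly parsed data into an object
    regex: /Object\.assign\s*\([^)]*JSON\.parse\s*\(/,
    advice: "drop __proto__/constructor keys from parsed objects before merging them",
  },
];

// Strip a trailing `// ...` comment so comment text cannot trigger a rule.
// Simplification: a `//` inside a string literal (e.g. a URL) is cut as well.
function stripLineComment(line) {
  return line.replace(/\/\/.*$/, "");
}

// Scan source text; returns one warning object per matching rule per line.
function scanSource(source) {
  const warnings = [];
  source.split(/\r?\n/).forEach((rawLine, index) => {
    const line = stripLineComment(rawLine);
    for (const rule of RULES) {
      if (rule.regex.test(line)) {
        warnings.push({
          kind: "prototype-pollution",
          line: index + 1,
          rule: rule.id,
          snippet: rawLine.trim(),
          advice: rule.advice,
        });
      }
    }
  });
  return warnings;
}

// Render warnings as one human-readable line each.
function formatWarnings(warnings) {
  return warnings.map(
    (w) => `[${w.kind}] line ${w.line} (${w.rule}): ${w.snippet} -> ${w.advice}`
  );
}

// Constructed sample: the issue's three examples plus benign lines that must not fire.
const SAMPLE = `
const obj = {};
obj.__proto__.polluted = true;            // rule: proto-member-access
const key = "__proto__";                  // rule: proto-string-literal
userInput[key] = maliciousValue;          // rule: dynamic-property-assignment
Object.assign({}, JSON.parse(userInput)); // rule: merge-of-parsed-input
obj.proto = 1;                            // benign: not __proto__
obj["safe"] = 1;                          // benign: literal, non-dangerous key
if (a[i] === b[i]) {}                     // benign: comparison, not assignment
const p = Object.getPrototypeOf(obj);     // benign: read-only prototype access
`;

if (typeof require !== "undefined" && require.main === module) {
  for (const text of formatWarnings(scanSource(SAMPLE))) console.log(text);
}

if (typeof module !== "undefined") {
  module.exports = { RULES, scanSource, formatWarnings, SAMPLE };
}
```

Running the block prints four warnings, one per pattern in the sample, and none for the benign lines. The `dynamic-property-assignment` rule is intentionally the noisiest of the four: a computed key on its own says nothing about where the key came from, so the advice it carries (allow-listing keys or using a null-prototype map) is the practical follow-up rather than an attempt to prove reachability from user input, which is exactly the limitation the issue text acknowledges.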
