Commit a7eff15

roggenkemper authored and vishnupsatish committed
feat(detectors): Add Query Injection Detector (#92860)
This PR adds a query injection detector, similar to the SQL injection one added in #91846. This detector also creates issues of type DBInjectionVulnerabilityGroupType.

This detector also looks at the request body, but instead of looking for strings that are matching between the request, we are looking at objects being passed in that appear in the query. In Mongo and some other services, passing an object still creates a valid query, but is rarely what is intended. This first draft is primarily targeted at Mongo.

Example - if the input is username but a user passes in `{"$ne": null}`, it would match all usernames that are not null. This detector will detect fewer issues though, since we are looking for objects being passed in, which is less likely to happen.
1 parent ec9d3af commit a7eff15
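
The check described in the commit message, sketched as an added example (not code from this commit or from the project). It assumes the query is available as JSON text; the function names and sample data are constructed for illustration.

```python
import json

# Constructed sample data (not from the commit): a parsed JSON request body and
# the JSON text of a MongoDB query, assumed to be what instrumentation recorded.
SAMPLE_BODY = {"username": {"$ne": None}, "page": 2, "filter": {}}
SAMPLE_QUERY = '{"find": "users", "filter": {"username": {"$ne": null}}}'
SAFE_BODY = {"username": "alice", "page": 2}
SAFE_QUERY = '{"find": "users", "filter": {"username": "alice"}}'


def _walk(node):
    """Yield every (key, value) pair found at any depth of a parsed JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from _walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk(item)


def find_object_injection(request_body, query_description):
    """Return body keys whose object value appears under the same key in the query.

    Only non-empty dict values count: a user-supplied string that shows up in
    the query is a string-matching problem, not the object case handled here.
    """
    try:
        query = json.loads(query_description)
    except (TypeError, ValueError):
        return []  # query text is not JSON: nothing to compare against
    # Object-valued pairs in the query, e.g. ("username", {"$ne": None}).
    query_pairs = [(k, v) for k, v in _walk(query) if isinstance(v, dict) and v]
    hits = []
    for key, value in _walk(request_body):
        if isinstance(value, dict) and value and (key, value) in query_pairs:
            hits.append(key)
    return hits
```

With the constructed data, the `username` field is reported for the first pair and nothing is reported when the body carries a plain string.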
6 files changed, +706 -0 lines changed