Diff-informed queries: phase 3 (non-trivial locations)

[d10c]

This PR enables diff-informed mode on queries that select a location other than dataflow source or sink. This entails adding a non-trivial location override that returns the locations that are actually selected.

Prior work includes PRs like #19663, #19759, and #19817. This PR uses the same patch script as those PRs to find candidate queries to convert to diff-enabled. This is the final step in mass-enabling diff-informed queries on all the languages.

Commit-by-commit reviewing is recommended.

• I have split the commits that add/modify tests from the ones that enable/disable diff-informed queries.
• If the commit modifies a .qll file, in the commit message I've included links to the queries that depend on that .qll for easier reviewing.
• Feel free to delegate parts of the review to others who may be more specialized in certain languages.

Potentially tricky cases:

• [TEST] C++: CWE-020/ExternalAPI: add tests based on qlhelp: I wasn't able to get alerts to show up for the qhelp-based tests; can someone from the language team chip in to what a useful test would look like? Similar case with the Python TimingAttackAgainstHash test. In contrast, in [TEST] Java: CWE-020/ExternalAPI I was able to get alerts just from the qhelp example, and in [TEST] C++: CleartextSqliteDatabase I was able to get alerts from a mostly Copilot-written test.
• [DIFF-INFORMED] C++: (IR) ExternalAPIs: config used in two queries, but one of them without a location; I guess that's fine?
• [DIFF-INFORMED] C++: SSLResultConflation: query uses a secondary config (i.e. calls the same config twice), but this does pass tests, unlike the other queries with secondary configs. Can I get a sanity check here? Let me know if you find other cases of secondary configs that are passing tests.
• [DIFF-INFORMED] Java: LogInjection: disabled because of mysterious OOM during --check-diff-informed locally and in CI. Should create a follow-up issue.
• I'm not sure how important it is to have the location overrides be as precise as possible by including all the clauses from the where, or if it's good enough to overapproximate and just pass the --check-diff-informed tests.

[d10c]

DCA results: some slowdowns on Python, but they don't seem to be related to these changes. Java had some timeout-related failures, so I'll restart that. Overall, no negative performance impact on empty-diff.

[michaelnebel]

This is a very large diff for a single PR. Would it be a lot of extra work to split this into one PR per language? Then it will also be possible to merge a bit at the time (there might be issues with getting DCA running successfully for this many languages and it will be a shame to block merging changes while waiting for DCA/review for other languages).

[d10c]

Sure, I can split it off into separate PRs per language.

[michaelnebel]

Sure, I can split it off into separate PRs per language.

Thank you - that will be really appreciated. You also structured the commits very nicely, so it seems doable 😄