
check for cleartextTraffic in network config as well?

As pointed out by @eighthave, our manifest check for android:usesCleartextTraffic (from #475 (closed)) might miss things declared in the network config:

Sounds like the IzzyOnDroid scanner would not catch android:usesCleartextTraffic="false" then in the Network Security Policy, sets <base-config cleartextTrafficPermitted="true" />.

So we might need to take that into consideration as well. As a base, thanks to the suggestion by @obfusk:


Though if devs take the effort to set up a network config, they were aware of the implications and usually pinned cleartext traffic rather fittingly. The cases that need attention are rather those where they were not aware and did not set up appropriate rules – and such cases are covered by the implementation with #475 (closed) already.

Still opening this issue for consideration, so the idea doesn't get lost.

Edited by Izzy
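
A sketch of the additional check discussed in this issue, as an added example (it is not the IzzyOnDroid scanner's code and not the suggestion by @obfusk): it lists every scope in a network security config where cleartext is permitted, including nested domain-config entries that inherit the setting. It assumes the config has already been decoded from the APK to text XML; the function names and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a decoded res/xml network security config of a hypothetical app.
SAMPLE_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">legacy.example.org</domain>
        <domain-config cleartextTrafficPermitted="false">
            <domain>secure.legacy.example.org</domain>
        </domain-config>
        <domain-config>
            <domain>cdn.legacy.example.org</domain>
        </domain-config>
    </domain-config>
</network-security-config>"""

def _flag(elem, inherited):
    """An explicit attribute wins; an unset one inherits the parent's value."""
    value = elem.get("cleartextTrafficPermitted")
    return inherited if value is None else value.strip().lower() == "true"

def _walk(elem, inherited, findings):
    permitted = _flag(elem, inherited)
    if permitted:
        for dom in elem.findall("domain"):
            sub = dom.get("includeSubdomains", "false").lower() == "true"
            findings.append(("domain-config", (dom.text or "").strip(), sub))
    for child in elem.findall("domain-config"):  # nested configs inherit from parent
        _walk(child, permitted, findings)

def cleartext_findings(config_xml):
    """Return (scope, domain, include_subdomains) for each explicit cleartext allowance."""
    root = ET.fromstring(config_xml)
    findings = []
    base = root.find("base-config")
    # None means "not set in the file": the platform default applies, nothing is reported.
    base_permitted = _flag(base, None) if base is not None else None
    if base_permitted:
        findings.append(("base-config", "*", True))
    for dc in root.findall("domain-config"):
        _walk(dc, base_permitted, findings)
    return findings
```

A scanner would report these findings alongside the manifest attribute, so that an app declaring android:usesCleartextTraffic="false" while permitting cleartext in its base-config is still flagged.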