Disable noisy `detect-object-injection` rule by default

Proposal

In #351399 (closed), we disabled detect-object-injection behind the SAST_EXPERIMENTAL_FEATURES flag. For reasoning about why this rule deserved to be disabled, see the issue.

This issue tracks making this change available to all customers by default, without passing SAST_EXPERIMENTAL_FEATURES.