Add or improve remediation advice in GitLab-maintained SAST rules
Problem
SAST findings can be difficult for people to understand. What should I do about the particular issue I've just been told about? How do I fix it?
Currently, we use the description field to describe the problem, but sometimes we don't do a great job of helping people know what to do to fix the problem.
Proposal
Sweep through GitLab-maintained rules and ensure that there is enough information to allow a competent developer (who is not necessarily a security expert) to know what to do next, or at least what research to do.