Convert go sqli rule to taint mode to reduce false-positives

What does this MR do?

Converts the concat-sqli Go rule to taint mode to reduce false-positives

The previous rule would flag occurrences of fmt.Sprintf(...) if the format argument contained a SQL query keyword such as select, update, insert, etc. The rule seemed to be attempting to emulate a taint mode flow, but it FP'ed because of the lack of distinction between source and sink patterns in the regular rule mode.

Playground: https://semgrep.dev/playground/s/KxJwn

What are the relevant issue numbers?

• Fix go/sql/rule-concat-sqli.yml to require stri... (gitlab-org/gitlab#451108 - closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer