Add or overhaul SAST rules to cover additional vulnerability types or variants
## Context
See https://gitlab.com/groups/gitlab-org/-/epics/10907+ for overall context and other iterations.
## Scope
This group of changes relates to adding new rules, or significantly overhauling existing rules, to cover new cases.
The scope is limited to the existing languages already covered by Semgrep-based scanning in GitLab SAST. Requests for new language support are covered by https://gitlab.com/groups/gitlab-org/-/epics/5245+.
## Note
Note that we will not necessarily be able to implement every rule request or suggestion, but will make efforts to add or update rules when feasible.
Rules that require significant research or development efforts may be limited to ~"GitLab Ultimate" only, but we do not currently make any distinctions between the rulesets available at different tiers.
## Language priority per PM
1. Java
2. Python
3. Ruby - tracked in https://gitlab.com/gitlab-org/gitlab/-/issues/425087+s
4. JavaScript (client side as a higher priority than server side)
5. C#
Team skills / interest [GitLab internal sheet](https://docs.google.com/spreadsheets/d/1XFxnzRlNmykbxzFrdkK5v8Ef5GA49Wn1mrlvg0VfVuY/edit#gid=0)
epic