DapperLib / DapperAOT

Build time tools in the flavor of Dapper

feat: trivial parameterization anti-patterns analysis support #61

Closed DeagleGross closed 10 months ago

DeagleGross commented 10 months ago

PR adds the analysis of how the sql parameter is passed:

1) if passed as an interpolated string `$"select * from customers where Id={id}"`, reports DAP241;
2) if passed as an interpolated raw string literal `$"""select * from customers where Id={id}"""`, reports DAP241;
3) if passed as a concatenated string `"select * from customers where Id=" + id`, reports DAP242;
4) also added special-case support for string.Format (reports DAP242, as in the case of concatenated strings).

Also supported lookup for local variables: in case the sql argument is not passed directly, but via a local variable. Example:

```csharp
int id = 1;
// the concatenation is reached through the local variable, so DAP242 is still reported
var sqlQuery = "select Id from Customers where Id = " + id;
_ = connection.Query<int>(sqlQuery);
```

| DiagnosticId | Title | Message |
|---|---|---|
| DAP241 | Interpolated string usage | Data values should not be interpolated into SQL string - use parameters instead |
| DAP242 | Concatenated string usage | Data values should not be concatenated into SQL string - use parameters instead |

Closes #35

mgravell commented 10 months ago

Looks amazing! An additional possible test scenario: does it work for interpolated raw string literals? i.e.

```csharp
$$"""
select * from
customers where Id = {{id}}
"""
```
DeagleGross commented 10 months ago

@mgravell addressed PR comments

mgravell commented 10 months ago

Many thanks.