improper "add negative -> subtract" transformation with floating point

[comex]

Version and Platform (required):

• Binary Ninja Version: 2.5.3140-dev (Build ID 532595b6)
• OS: macOS
• OS Version: 11.6

Steps To Reproduce: Please provide all steps required to reproduce the behavior:

1. Open this binary.

2. Notice in HLIL:

   
   00000000  uint64_t _start(float arg1 @ v0)

00000004 data_4000 0000001c return zx.q(int.d(arg1 - 0x41666666))

00000020 uint64_t sub_20(float arg1 @ v0)

00000024 data_4000 0000003c return zx.q(int.d(arg1 f+ 0x41666666))

**Expected Behavior:**
The functions are identical except for loading a different constant: one is "negative" 0x41666666, one is "positive" 0x41666666.  In reality, both constants are used as 32-bit floats, not signed integers.

In the second function, Binary Ninja indicates that floating point addition is being used with `f+ 0x41666666`.  But in the first function, Binary Ninja produces just `- 0x41666666`.  This is wrong in two ways: it doesn't indicate that floating point is being used, and in any case `arg1 f+ -0x41666666` (i.e. `arg1 f+ 0xbe99999a`, i.e. `arg1 + -0.300000011921`) is not equivalent to `arg1 f- 0x41666666` (i.e. `arg1 + 14.3999996185`).

[rssor]

This looks to actually be a type propagation bug, where we aren't treating it as a new variable with a possibly new type after the first assignment to s2. Nopping the first instruction out gets you more sensible behavior.