akirk / friends

A social network between WordPresses. Privacy focused, by itself a self-hosted RSS++ reader with notifications.
https://wpfriends.at/
GNU General Public License v2.0

Support the WordPress PHPCS ruleset #329

Closed akirk closed 2 weeks ago

akirk commented 2 weeks ago

This adds support for the WordPress PHPCS ruleset and addresses the 752 reported problems.

This was a lot of work, but I hope we can benefit from the rules going forward. Likely it also fixed some insufficient escaping. Hopefully it didn't break too much; I tried to test all UI-related features that I modified.

> @php ./vendor/squizlabs/php_codesniffer/bin/phpcs --runtime-set testVersion 5.6- '--report=source'
..E.E..WWW..E..WWEEEEEWWWE..EE..EEE.EEE.W.EEW.EWE........E..  60 / 136 (44%)
WE.E..E...E.W......W...E.E...EEE...EE.EE.EE..EE...E......... 120 / 136 (88%)
................                                             136 / 136 (100%)

PHP CODE SNIFFER VIOLATION SOURCE SUMMARY
-------------------------------------------------------------------------------------------
    SOURCE                                                                            COUNT
-------------------------------------------------------------------------------------------
[ ] WordPress.Security.ValidatedSanitizedInput.InputNotSanitized                      175
[ ] WordPress.Security.ValidatedSanitizedInput.MissingUnslash                         145
[ ] WordPress.Security.NonceVerification.Recommended                                  105
[ ] WordPress.Security.ValidatedSanitizedInput.InputNotValidated                      69
[ ] WordPress.WP.GlobalVariablesOverride.Prohibited                                   46
[ ] WordPress.PHP.DiscouragedPHPFunctions.urlencode_urlencode                         33
[ ] WordPress.Security.NonceVerification.Missing                                      30
[ ] WordPress.DB.DirectDatabaseQuery.DirectQuery                                      25
[ ] WordPress.DB.DirectDatabaseQuery.NoCaching                                        23
[ ] Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed                   16
[ ] WordPress.WP.Capabilities.Unknown                                                 13
[ ] Squiz.Operators.IncrementDecrementUsage.Found                                     9
[ ] WordPress.PHP.IniSet.display_errors_Disallowed                                    6
[ ] WordPress.DB.SlowDBQuery.slow_db_query_meta_key                                   5
[ ] Generic.CodeAnalysis.UnusedFunctionParameter.Found                                4
[ ] Generic.CodeAnalysis.RequireExplicitBooleanOperatorPrecedence.MissingParentheses  3
[ ] Squiz.PHP.NonExecutableCode.Unreachable                                           3
[ ] WordPress.DB.SlowDBQuery.slow_db_query_meta_value                                 3
[ ] WordPress.WP.EnqueuedResourceParameters.NotInFooter                               3
[ ] Generic.Strings.UnnecessaryStringConcat.Found                                     2
[ ] Squiz.PHP.CommentedOutCode.Found                                                  2
[ ] Squiz.PHP.DisallowSizeFunctionsInLoops.Found                                      2
[ ] Universal.CodeAnalysis.ConstructorDestructorReturn.ReturnValueFound               2
[x] Universal.ControlStructures.DisallowLonelyIf.Found                                2
[ ] WordPress.PHP.DevelopmentFunctions.error_log_print_r                              2
[ ] WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler                    2
[ ] WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize                       2
[ ] WordPress.WP.AlternativeFunctions.file_system_operations_fclose                   2
[ ] WordPress.WP.AlternativeFunctions.file_system_operations_fwrite                   2
[ ] WordPress.WP.AlternativeFunctions.json_encode_json_encode                         2
[ ] Generic.CodeAnalysis.EmptyStatement.DetectedElse                                  1
[ ] Generic.CodeAnalysis.EmptyStatement.DetectedIf                                    1
[ ] Generic.CodeAnalysis.ForLoopWithTestFunctionCall.NotAllowed                       1
[ ] Generic.CodeAnalysis.UnconditionalIfStatement.Found                               1
[ ] Universal.Files.SeparateFunctionsFromOO.Mixed                                     1
[ ] WordPress.DB.SlowDBQuery.slow_db_query_tax_query                                  1
[ ] WordPress.PHP.DevelopmentFunctions.error_log_error_log                            1
[ ] WordPress.PHP.DevelopmentFunctions.error_log_var_dump                             1
[ ] WordPress.PHP.DevelopmentFunctions.error_log_var_export                           1
[ ] WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize                         1
[ ] WordPress.PHP.DiscouragedPHPFunctions.system_calls_exec                           1
[ ] WordPress.WP.Capabilities.RoleFound                                               1
[ ] WordPress.WP.CronInterval.CronSchedulesInterval                                   1
[ ] WordPress.WP.DiscouragedFunctions.query_posts_query_posts                         1
-------------------------------------------------------------------------------------------
A TOTAL OF 752 SNIFF VIOLATIONS WERE FOUND IN 44 SOURCES
-------------------------------------------------------------------------------------------
PHPCBF CAN FIX THE 1 MARKED SOURCES AUTOMATICALLY (2 VIOLATIONS IN TOTAL)
-------------------------------------------------------------------------------------------

Time: 13.64 secs; Memory: 56MB
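
What the four most frequent sources in the summary above flag (`InputNotSanitized`, `MissingUnslash`, `InputNotValidated`, and the `NonceVerification` sniffs), shown as a before/after pair. This is an added example, not code from the friends plugin or from this pull request; the handler, action, option and field names are hypothetical, and it assumes it is loaded inside WordPress.

```php
<?php
// Added illustration. All example_* names are hypothetical, not from the plugin.

// Before: the pattern the WordPress.Security sniffs report.
function example_save_note_flagged() {
	// NonceVerification.Missing: $_POST is processed without a nonce check.
	// InputNotValidated:         the key is read without isset().
	// MissingUnslash:            WordPress adds slashes to superglobals; none removed here.
	// InputNotSanitized:         the raw request value is stored as-is.
	update_option( 'example_note', $_POST['note'] );
}

// After: the same handler written so those sniffs pass.
function example_save_note() {
	// The nonce only proves intent; the capability check is the authorization.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'Not allowed.', 'example' ), '', array( 'response' => 403 ) );
	}

	// Dies if the _wpnonce field is absent or invalid for this action.
	check_admin_referer( 'example_save_note' );

	// Validate presence, then unslash, then sanitize, in that order.
	$note = '';
	if ( isset( $_POST['note'] ) ) {
		$note = sanitize_text_field( wp_unslash( $_POST['note'] ) );
	}
	update_option( 'example_note', $note );

	wp_safe_redirect( admin_url( 'options-general.php' ) );
	exit;
}
add_action( 'admin_post_example_save_note', 'example_save_note' );

// The matching form: emits the nonce field and escapes the stored value on output.
function example_render_note_form() {
	$note = get_option( 'example_note', '' );
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="example_save_note" />
		<?php wp_nonce_field( 'example_save_note' ); ?>
		<input type="text" name="note" value="<?php echo esc_attr( $note ); ?>" />
		<button type="submit"><?php esc_html_e( 'Save', 'example' ); ?></button>
	</form>
	<?php
}
```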