ossf / fuzz-introspector

Fuzz Introspector -- introspect, extend and optimise fuzzers
https://fuzz-introspector.readthedocs.io
Apache License 2.0

Add option for more complete analysis #133

Open david-a-wheeler opened 2 years ago

david-a-wheeler commented 2 years ago

Add an option for a more complete option that does not omit many functions.

The resolution of https://github.com/ossf/fuzz-introspector/issues/107 as implemented in https://github.com/ossf/fuzz-introspector/pull/115 is to "cut off [various] functions early in the LLVM plugin so they never enter the analysis." This makes the default more likely to find "interesting" results, but it means that some vulnerabilities cannot be found.

DavidKorczynski commented that:

Long term I think it would make sense moving towards a direction where fuzz-introspector is purely focused on gathering a lot of data and offering analyses, but without being highly opinionated (i.e. removing data) on the exact parameters of the analyses etc but rather allowing the users themselves to choose. But that's many months from now.

I don't want that important thought lost, so I'm adding this as an issue. Thanks!

DavidKorczynski commented 2 years ago

Related in terms of ensuring complete project-wide analysis: https://github.com/ossf/fuzz-introspector/issues/6

DavidKorczynski commented 2 years ago

One more thing I wanted to add relative to the idea of gathering data and offering analyses in contrast to being opinionated is that fuzz-introspector is likely to have several types of users who want to have different types of context presented. Specifically, fuzz-introspector will be used by:

1) Security researchers -- who know a lot about security but less about the target code they analyse
2) Developers -- who know less about security but a lot about the target code they analyse

The specific data each of these types of users want is different as they likely face different types of issues when fuzzing the same piece of software.