Semgrep rule to detect potential xss in rest handlers

[pzhou-splunk]

Notes

• Adding a semgrep rule to detect potential XSS from the return values of REST handlers
  • see https://splunk.atlassian.net/browse/PAPP-10251 for an example
  • The OAuth/SAML question in the ProdSec questionnaire was actually intended to catch this issue