Open patriksimek opened 8 years ago
@@           master    #114    diff @@
====================================
  Files          49      50      +1
  Lines         915     921      +6
  Methods         0       0
  Messages        0       0
  Branches        0       0
====================================
+ Hits          915     921      +6
  Misses          0       0
  Partials        0       0
Powered by Codecov. Last update eb60b36...62f1e7c
Instead of just disabling all JavaScript, would you prefer to use something like constantinople to only error out on non-constant JS expressions?
In my case I would prefer to disable JavaScript completely.
@patriksimek, I mean, what you are doing right now is what constantinople does, but imperfectly with three regexes (!(/^-?\d*\.?\d*$/.test(token.val) || /^"(?:[^"\\]|\\.)*"$/.test(token.val) || /^'(?:[^'\\]|\\.)*'$/.test(token.val))) instead of a proper parser.
This PR adds a new rule to disallow usage of JavaScript inside a template. This is useful in situations when Pug is used as a lightweight markup language but allowing access to code is not desirable.
For me Pug mixed with the Markdown filter is the most comfortable way to create static HTML documents, like rich documentation. This rule should prevent the possibility of inserting malicious code.
I read the docs twice, but I'm not 100% sure if I covered all the places where JavaScript can be included.