
Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks#1519

Merged
ccojocar merged 1 commit into securego:master from ccojocar:new_rule
Feb 16, 2026

Conversation

@ccojocar
Member

@ccojocar ccojocar commented Feb 16, 2026

  • Introduces a new G119 security rule to detect redirect policies that can leak sensitive headers across origins.
  • Flags direct request header replacement inside CheckRedirect callbacks and explicit re-adding of sensitive headers (Authorization, Proxy-Authorization, Cookie).
  • Wires G119 into analyzer registration, README rule list, and CWE mapping.
  • Adds focused positive/negative samples and analyzer coverage; analyzer package tests pass.

…rect callbacks

- Introduces a new G119 security rule to detect redirect policies that
can leak sensitive headers across origins.
- Flags direct request header replacement inside CheckRedirect callbacks
and explicit re-adding of sensitive headers (Authorization,
Proxy-Authorization, Cookie).
- Wires G119 into analyzer registration, README rule list, and CWE
mapping.
- Adds focused positive/negative samples and analyzer coverage; analyzer
package tests pass.

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
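The two CheckRedirect shapes the rule flags, beside a same-origin-gated alternative, as an added Go example that is not part of gosec or this PR; `unsafeCheckRedirect`, `safeCheckRedirect`, `redirectedHeaders` and the credential values are constructed for illustration.

```go
package main

import (
	"net/http"
	"net/url"
)

// sensitiveHeaders are the headers the PR description names as sensitive.
var sensitiveHeaders = []string{"Authorization", "Proxy-Authorization", "Cookie"}

// sameOrigin reports whether two URLs share scheme and host (host includes any port).
func sameOrigin(a, b *url.URL) bool {
	return a.Scheme == b.Scheme && a.Host == b.Host
}

// unsafeCheckRedirect has both shapes the rule flags: wholesale header replacement and
// explicit re-adding of Authorization, so even a foreign origin receives the credentials.
func unsafeCheckRedirect(req *http.Request, via []*http.Request) error {
	req.Header = via[0].Header.Clone()
	req.Header.Set("Authorization", via[0].Header.Get("Authorization"))
	return nil
}

// safeCheckRedirect carries sensitive headers forward only while the redirect stays on
// the initial request's origin and strips them as soon as the target origin differs.
func safeCheckRedirect(req *http.Request, via []*http.Request) error {
	initial := via[0]
	for _, name := range sensitiveHeaders {
		if !sameOrigin(initial.URL, req.URL) {
			req.Header.Del(name)
		} else if v := initial.Header.Get(name); v != "" {
			req.Header.Set(name, v)
		}
	}
	return nil
}

// redirectedHeaders simulates one redirect hop from first to target under policy and
// returns the headers the redirected request would carry. Credential values are constructed.
func redirectedHeaders(policy func(*http.Request, []*http.Request) error, first, target *url.URL) (http.Header, error) {
	initial := &http.Request{Method: http.MethodGet, URL: first, Header: http.Header{}}
	initial.Header.Set("Authorization", "Bearer sample-token")
	initial.Header.Set("Cookie", "session=sample")
	next := &http.Request{Method: http.MethodGet, URL: target, Header: http.Header{}}
	if err := policy(next, []*http.Request{initial}); err != nil {
		return nil, err
	}
	return next.Header, nil
}
```

The simulation only exercises the callback; in a real client the same policy is installed via `http.Client{CheckRedirect: safeCheckRedirect}`.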
@codecov

codecov bot commented Feb 16, 2026

Codecov Report

❌ Patch coverage is 53.84615% with 84 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.50%. Comparing base (14fdd9c) to head (df914f0).
⚠️ Report is 1 commit behind head on master.

Files with missing lines Patch % Lines
analyzers/redirect_header_propagation.go 53.84% 61 Missing and 23 partials ⚠️
@@            Coverage Diff             @@
##           master    #1519      +/-   ##
==========================================
- Coverage   77.01%   76.50%   -0.51%     
==========================================
  Files          97       98       +1     
  Lines        8213     8395     +182     
==========================================
+ Hits         6325     6423      +98     
- Misses       1563     1624      +61     
- Partials      325      348      +23     


@ccojocar ccojocar merged commit 89cde27 into securego:master Feb 16, 2026
6 of 8 checks passed
@ccojocar ccojocar deleted the new_rule branch February 16, 2026 13:41