
Add G120 SSA analyzer for unbounded form parsing in HTTP handlers#1520

Merged
ccojocar merged 1 commit into master from new_analyzer on Feb 16, 2026

Conversation

ccojocar (Member) commented Feb 16, 2026

  • Introduces new G120 to detect potential memory-exhaustion paths caused by unbounded form parsing in HTTP handlers.
  • Uses a pure SSA implementation (no AST fallback), checking ParseForm, ParseMultipartForm, FormValue, and PostFormValue on *http.Request. Suppresses findings when request bodies are explicitly bounded with http.MaxBytesReader.
  • Wires G120 into analyzer registration, README rule catalog, and CWE mapping (CWE-400).
  • Adds focused vulnerable/safe samples and analyzer test coverage; analyzer tests and lint pass.


Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
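The two handler shapes the description distinguishes, as an added example that is not code from this PR or from gosec: an unbounded handler that calls FormValue with no size limit of its own (the pattern G120 reports), and a hardened handler that wraps r.Body in http.MaxBytesReader before parsing (the pattern the description says suppresses the finding). The 64 KiB limit, the handler names, the /submit path and the 1 MiB body are assumptions and constructed input for the example; the behaviour shown is that of net/http. The body is kept under the 10 MB cap Go applies to url-encoded POST bodies so that the difference in outcome comes only from the MaxBytesReader bound.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// maxFormBytes is the per-request body limit used by the hardened handler.
// The value is an assumption for this example; pick one that fits your forms.
const maxFormBytes = 64 << 10 // 64 KiB

// unboundedHandler is the shape G120 reports: FormValue parses and buffers the
// whole request body and the handler has imposed no size limit of its own.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	name := r.FormValue("name") // calls ParseMultipartForm, which calls ParseForm
	fmt.Fprintf(w, "hello %s", name)
}

// boundedHandler wraps r.Body in http.MaxBytesReader before any form parsing.
// This is the pattern the PR describes as suppressing the finding.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)
	if err := r.ParseForm(); err != nil {
		// Once the limit is crossed, reads fail with *http.MaxBytesError (Go 1.19+).
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "malformed form", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "hello %s", r.FormValue("name"))
}

// postForm sends a constructed application/x-www-form-urlencoded POST whose
// single field is padded to fieldLen bytes, and returns the status the handler wrote.
func postForm(h http.HandlerFunc, fieldLen int) int {
	body := url.Values{"name": {strings.Repeat("A", fieldLen)}}.Encode()
	req := httptest.NewRequest(http.MethodPost, "/submit", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	// 1 MiB is far above maxFormBytes but below the 10 MB cap Go applies to
	// url-encoded bodies, so the difference below comes only from MaxBytesReader.
	const oversized = 1 << 20
	fmt.Println("unbounded handler, 1 MiB body:", postForm(unboundedHandler, oversized)) // 200
	fmt.Println("bounded handler,   1 MiB body:", postForm(boundedHandler, oversized))   // 413
	fmt.Println("bounded handler,   1 KiB body:", postForm(boundedHandler, 1<<10))       // 200
}
```

Two details matter in practice. The wrap has to happen before the first call to ParseForm, ParseMultipartForm, FormValue or PostFormValue, because the parsed form is cached on the request and a later MaxBytesReader changes nothing. And for multipart bodies, the maxMemory argument of ParseMultipartForm only bounds what is buffered in memory; anything beyond it is spilled to temporary files, so MaxBytesReader remains the control that actually caps the total body size.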
codecov bot commented Feb 16, 2026

Codecov Report

❌ Patch coverage is 56.03448% with 51 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.23%. Comparing base (89cde27) to head (e45d6c2).
⚠️ Report is 1 commit behind head on master.

Files with missing lines: analyzers/form_parsing_limits.go, patch coverage 56.03% (31 lines missing, 20 partials) ⚠️
@@            Coverage Diff             @@
##           master    #1520      +/-   ##
==========================================
- Coverage   76.50%   76.23%   -0.28%     
==========================================
  Files          98       99       +1     
  Lines        8395     8511     +116     
==========================================
+ Hits         6423     6488      +65     
- Misses       1624     1655      +31     
- Partials      348      368      +20     


@ccojocar ccojocar merged commit 238f982 into master Feb 16, 2026
7 of 9 checks passed
@ccojocar ccojocar deleted the new_analyzer branch February 16, 2026 14:06
SuperSandro2000 commented

The upstream go doc mentions that ParseForm is capped at 10 MB already 🤔

https://pkg.go.dev/net/http#Request.ParseForm
