Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risksPR description

[ccojocar]

This change introduces a new SSA-based analyzer, G122, to detect unsafe filesystem operations inside filepath.Walk, filepath.WalkDir, and io/fs.WalkDir callbacks when callback path values flow into race-prone sinks such as os.Remove, os.OpenFile, os.Rename, and os.Chmod.It adds CWE mapping for the new rule as G122 -> CWE-367 (TOCTOU race condition), and adds the CWE-367 definition to the CWE data.It wires G122 into analyzer registration and updates the README available rules list.It adds dedicated G122 sample coverage with vulnerable and safe cases, including safe root-scoped usage through os.Root APIs (for example root.Open and root.Remove).Validation was completed: full test suite passes, golangci-lint reports zero issues, and gosec CLI validation confirms expected trigger and non-trigger behavior for G122.

[codecov]

Codecov Report

❌ Patch coverage is 55.80110% with 80 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.69%. Comparing base (1735e5a) to head (b668098).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
analyzers/walk_symlink_race.go	55.80%	64 Missing and 16 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1532      +/-   ##
==========================================
- Coverage   80.09%   79.69%   -0.40%     
==========================================
  Files         101      102       +1     
  Lines        9198     9379     +181     
==========================================
+ Hits         7367     7475     +108     
- Misses       1384     1442      +58     
- Partials      447      462      +15     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.