From the discussions of #3485 several actions are required in the new proposed multi-method format:

- Firstly, we need to associate tests with MASWE-0111.
- Secondly, we need a combination of sub-tests to determine if the app is sending sensitive data (without explicitly mentioning them in the Privacy Policy). Namely:
  - Create (02te0) "Use of Third-Party Tracking & Analytics SDKs": enumerate which SDKs are used by the app (and which might not be mentioned in the policies).
  - Create (02te2) "Static References to Third-Party Tracking & Analytics SDK APIs Known to Handle Sensitive User Data": to have a glance at the APIs that may be in use even before running dynamic analysis to confirm.
  - Propose/create (02te4) as an alternative method to the branch's 02te3 to validate that "Sensitive Data are Sent via Network Calls".
  - Use the above new test together with (from the branch) 02te1 and 02te3 to determine such cases.
- Finally, ensure that everything is linked to the outcomes of "Add Google Data Safety and Privacy Policy retrieval support" #3597.
Samples:

```markdown
---
platform: android
title: Use of Third-Party Tracking & Analytics SDKs
id: MASTG-TEST-02te0
type: [manual]
weakness: MASWE-0112
profiles: [P]
---

## Overview

This test verifies whether an app uses tracking or analytics SDKs.

## Steps

1. Use @MASTG-TECH-0130 or @MASTG-TECH-0131 to generate an SBOM.

## Observation

The output should contain a list of the embedded/3rd-party libraries used in the app.

## Evaluation

Evaluate those libraries online or their codebase for their purpose. The test case fails if any of the libraries are used for tracking or analytics purposes. If no such libraries are found, the test case passes.

> TIP: If they are free & open source libraries, you may search their codebase, such as by looking for permissions like `INTERNET` or `ACCESS_NETWORK_STATE` in their manifest files, or check their documentation for network-related features, as network access is typically required for tracking or analytics SDKs to send data to their servers.
```

```markdown
---
platform: android
title: Identifying Sensitive Data Sent via Network Calls
id: MASTG-TEST-02te4
type: [dynamic]
weakness: MASWE-0108
prerequisites:
  - identify-sensitive-data
profiles: [P]
---
## Overview
This test verifies whether an app is sending sensitive data (e.g., PII) via network calls.
## Steps
1. Use @MASTG-TECH-0119 to hook network functions and try to detect PII or secrets in their calls.
2. Use the backtraces to find out which component is sending what PII or secrets. This should also include the corresponding network domains.
## Observation
The output should contain a list of the locations where network functions are called and the data being sent.
## Evaluation
The test case fails if you can find sensitive data being passed to these network functions in the app code, indicating that the app is sharing sensitive data via network calls. If no such data sharing is found, the test case passes.
```

Static Rule:

```yaml
rules:
  - id: mastg-android-usage-of-firebase-analytics
    languages:
      - java
    severity: INFO
    message: "[MASVS-PRIVACY] App uses Firebase Analytics methods"
    metadata:
      summary: "Detects if the app uses Firebase Analytics methods."
    pattern: $FA.logEvent($EVT, $ARG)
```
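As an added illustration of the 02te0 evaluation step (this is example code, not part of the issue or of the MASTG project), the script below reads an SBOM, flags components that match a list of known tracking/analytics SDKs, and reports those the privacy policy never names. It assumes the SBOM is CycloneDX JSON; the SDK list, SBOM and policy excerpt are constructed sample data.

```python
"""Flag tracking/analytics SDKs in an app SBOM and check whether the privacy
policy names them. Added example for test 02te0; all data below is constructed."""
import json

# Constructed, illustrative mapping of Maven coordinates (group:name) to SDK
# names. A real assessment should use a curated, maintained list.
KNOWN_TRACKING_SDKS = {
    "com.google.firebase:firebase-analytics": "Firebase Analytics",
    "com.facebook.android:facebook-core": "Facebook SDK",
    "com.appsflyer:af-android-sdk": "AppsFlyer",
}

# Constructed CycloneDX-style SBOM (assumed format) as an SCA tool would emit it.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"group": "com.google.firebase", "name": "firebase-analytics", "version": "1.0.0"},
        {"group": "com.appsflyer", "name": "af-android-sdk", "version": "2.0.0"},
        {"group": "com.squareup.okhttp3", "name": "okhttp", "version": "3.0.0"},
    ],
})

# Constructed privacy policy excerpt: it discloses Firebase Analytics only.
SAMPLE_POLICY = "We use Google Firebase Analytics to measure how the app is used."


def sbom_components(sbom_json):
    """Yield (group:name, version) for each component of a CycloneDX JSON SBOM."""
    for comp in json.loads(sbom_json).get("components", []):
        group, name = comp.get("group", ""), comp.get("name", "")
        yield (f"{group}:{name}" if group else name), comp.get("version", "")


def find_tracking_sdks(sbom_json):
    """Return {sdk_name: version} for every component on the tracking list."""
    return {KNOWN_TRACKING_SDKS[key]: ver
            for key, ver in sbom_components(sbom_json) if key in KNOWN_TRACKING_SDKS}


def undisclosed_sdks(found, policy_text):
    """Return tracking SDK names that the policy text never mentions."""
    policy = policy_text.lower()
    return sorted(name for name in found if name.lower() not in policy)


if __name__ == "__main__":
    found = find_tracking_sdks(SAMPLE_SBOM_JSON)
    print("tracking/analytics SDKs found:", found)
    # Any undisclosed SDK means the 02te0 check fails for this app.
    print("not mentioned in policy:", undisclosed_sdks(found, SAMPLE_POLICY))
```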