Java: Deprecate the content of ResponseSplittingLocalQuery and remove local query variant.

Author: michaelnebel

java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll

@@ -7,7 +7,7 @@ private import semmle.code.java.security.ResponseSplitting
 /**
  * A taint-tracking configuration to reason about response splitting vulnerabilities from local user input.
  */
-module ResponseSplittingLocalConfig implements DataFlow::ConfigSig {
+deprecated module ResponseSplittingLocalConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }
@@ -32,6 +32,8 @@ module ResponseSplittingLocalConfig implements DataFlow::ConfigSig {
 }
 
 /**
+ * DEPRECATED: Use `ResponseSplittingFlow` instead and configure threat model sources to include `local`.
+ *
  * Taint-tracking flow for response splitting vulnerabilities from local user input.
  */
-module ResponseSplittingLocalFlow = TaintTracking::Global<ResponseSplittingLocalConfig>;
+deprecated module ResponseSplittingLocalFlow = TaintTracking::Global<ResponseSplittingLocalConfig>;