feat: Add privacy specific taxonomy

[jajanet]

As part of #47, this PR helps ensure P0 CUJ-1 (log data leak ID and removal) and P0 CUJ-2 (ID sensitive flow to 3P) is addressed in the security:analyze command

This also helps cover more privacy specific features via outputting a simple datamap with source and sinks that the end of the analysis

Pending more test cases, this is an example of what a run would look like with a small set of tests: https://screenshot.googleplex.com/8nuFzxWcS5V2X6b (computer settings won't let me paste or upload an image to GH for some reason)

In short, this mainly adds:

• privacy taint analysis skill to make sure those issues are flagged (similar to security ones)
• edits the following analysis fields:
  • Location --> Source Location, to make the privacy datamap more clear
• the following fields to the analysis:
  • vulnerability type (to differentiate between privacy and security issues)
  • sink (only for privacy issues, to complete the datamap)
  • data type (only for privacy issues, to flag the specific PII)

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[capachino]

Looks good overall, a few more things before merging:

• I believe you'll also need to update commands/security/analyze-github-pr.toml so maybe after everyone LGTM the changes to analyze.toml
• Should update the repo README.md to reflect these new capabilities.