Add new sink kind and change note

Author: egregius313

java/ql/src/change-notes/2023-08-01-weak-randomness-query.md

@@ -0,0 +1,5 @@
+---
+category: newQuery
+---
+* Added the `java/weak-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
+

shared/mad/codeql/mad/ModelValidation.qll

@@ -30,10 +30,11 @@ module KindValidation<KindValidationConfigSig Config> {
           "js-injection", "ldap-injection", "log-injection", "path-injection", "request-forgery",
           "sql-injection", "url-redirection",
           // Java-only currently, but may be shared in the future
-          "bean-validation", "fragment-injection", "groovy-injection", "hostname-verification",
-          "information-leak", "intent-redirection", "jexl-injection", "jndi-injection",
-          "mvel-injection", "ognl-injection", "pending-intents", "response-splitting",
-          "trust-boundary-violation", "template-injection", "xpath-injection", "xslt-injection",
+          "bean-validation", "crypto-parameter", "fragment-injection", "groovy-injection",
+          "hostname-verification", "information-leak", "intent-redirection", "jexl-injection",
+          "jndi-injection", "mvel-injection", "ognl-injection", "pending-intents",
+          "response-splitting", "trust-boundary-violation", "template-injection", "xpath-injection",
+          "xslt-injection",
           // JavaScript-only currently, but may be shared in the future
           "mongodb.sink", "nosql-injection", "unsafe-deserialization",
           // Swift-only currently, but may be shared in the future