Added test case for Array.prototype.toSorted, which is currently not flagged as a taint sink.

Author: Napalys

javascript/ql/test/library-tests/TaintTracking/tst.js

@@ -59,4 +59,8 @@ function test() {
     tagged`foo ${"safe"} bar ${x} baz`;
 
     sink(x.reverse()); // NOT OK
+
+    sink(x.toSorted()) // NOT OK
+    const xSorted = x.toSorted();
+    sink(xSorted) // NOT OK
 }