Python: Use explicit argument specification instead of getAnArg

I've seen quite a few places where `getAnArg` leads to wrong behavior, and I
generally just don't like it.

Author: RasmusWL

python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql

@@ -24,8 +24,9 @@ private API::Node paramikoSSHClientInstance() {
 
 from DataFlow::CallCfgNode call, DataFlow::Node arg, string name
 where
+  // see http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.set_missing_host_key_policy
   call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall() and
-  arg = call.getAnArg() and
+  arg in [call.getArg(0), call.getArgByName("policy")] and
   (
     arg = unsafe_paramiko_policy(name).getAUse() or
     arg = unsafe_paramiko_policy(name).getReturn().getAUse()