Fixes a bug that caused cached barriers nodes to be re-evaluated. Specifically, this predicate in TaintTrackingPrivate was re-evaluated due to the cached AdditionalSanitizerGuardNode inheriting from the query-specific SanitizerGuard:

private class SanitizerGuardAdapter extends DataFlow::Node instanceof TaintTracking::AdditionalSanitizerGuardNode {
  ...
}

cached
predicate defaultTaintSanitizer(DataFlow::Node node) {
  node instanceof DataFlow::VarAccessBarrier or
  node = MakeBarrierGuard<SanitizerGuardAdapter>::getABarrierNode() // transitively depends on SanitizerGuardNode
}

The AdditionalSanitizerGuardNode class no longer inherits from SanitizerGuardNode which means its sanitizes/blocks predicates have their own rootdef now.

Update to XSS queries

This revealed a bug in the some of the ported XSS queries in that they didn't explicitly include the shared XSS barrier guards. In many (but not all) cases those barrier guards worked anyway because they shared their this value with an AdditionalBarrierGuard which meant their overrides were in effect (for such this values), even if not explicitly opted into.

This is similar to the old problem with isBarrierGuardNode() not being able to accurately choose a class to include, but only a set of values, and then we get interference from unrelated classes containing that value. Note that this can't happen anymore as queries now have their own BarrierGuardNode root class, but AdditionalSanitizerGuardNode hadn't yet been refactored this way until now.

Evaluation

Evaluation shows a 2% performance improvement, as a result of fixing the cache re-evaluation bug.

The performance impact is more significant for the use-use flow branch, as it needs to do more work with barriers, and this PR is needed to unblock the use-use flow branch.