[K9VULN-4719] Allow rules to specify beforeAll and afterAll functions

[jasonforal]

What problem are you trying to solve?

Some rules would be easier to write if there was a way to run code before any visit function is invoked or code after all visit functions are invoked.

This is useful when the rule's logic depends on the presence of absence of multiple conditions. For example, a C# rule might want to enforce that a type extending System.Exception implements all 3 required constructors, e.g. like so). A rule like this could capture all constructor nodes, set global booleans within the visit function if they match a specific pattern, and then after all nodes are visited, determine whether to report a violation or not.

Currently, one could hack together this functionality by incrementing an integer within each visit function and comparing it with the array length to determine whether it's the first or last invocation, but that's...awful.

What is your solution?

• If a rule specifies a beforeAll function, call it before processing any query matches.
  • The function is passed a copy of the data in the query match bridge to prevent the rule code from inadvertently mutating the actual bridge's data.
• If the rule specifies an afterAll function, call it after processing all query matches.

Alternatives considered

What the reviewer should know

• This is marked as "experimental" in the code comments until we decide to officially support it.

[jasonforal]

Re-requesting review for the (new) change that passes all query matches into the beforeAll function: 64527d5