[clang] [-Wunsafe-buffer-usage] Add check for custom printf/scanf functions (PR #173096)

[Oliver Hunt via cfe-commits]

ojhunt wrote:

> We're seeing another couple of false positives:
> 
> ```
> printf("%s", b ? "true" : "false");
> ```
> 
> and
> 
> ```
> constexpr char s[] = "foo";
> printf("%s", s);
> ```
> 
> It would be nice if the warning didn't fire on those.
> 
> I also wonder if we should relax the "c_str() check" a little, to accommodate custom string implementations. If something has a c_str() method, wouldn't it be fair to assume that's going to be a null terminated string?

There's the evaluate as constant string function (I can't recall the exact name) but it doesn't handle null terminated strings. @apple-fcloutier and I have both looked at adding null terminated string support to that. I have an implementation I've been working on as well that tries to adopt it in this code, but the problems I were running intro were

* Many StringLiteral type guards
* Conflation of string length and null termination impacting test output.

The former is obvious, but I think the issue I was having there was dealing with myriad repeated checks which isn't practical once you're actually evaluating them

The latter is more irksome. Given that adding support for constant evaluation of strings to these checks is a fairly significant change I don't really want any test results to change, as presumably those results are intended, but once you have constant evaluation you get differences in behavior as a StringLiteral length gives the size of the string literal, a constant evaluated null terminated string ends at the null, so `"123\0456"` behaves differently. 

I've found the various warnings being issued to be somewhat opaque so I can't tell which are deliberate, and which are just emergent.

https://github.com/llvm/llvm-project/pull/173096