
v0.16.0 — bean / DTO taint modeling


@GabrielBBaldez GabrielBBaldez released this 16 Jun 14:24
· 28 commits to main since this release

Driven by real-world testing (javaspringvulny): request data usually moves through a value object before reaching a sink, and pure source/sink matching misses that.

Value objects (DTOs, form/command beans, entities) are now modelled as taint containers: a tainted bean's String getter returns a tainted value, and a String setter taints the bean. So a flow like controller → form.setTerm(input) → form.getTerm() → SQL, or a @RequestBody bean read via its getters, is now caught. Implemented as programmatic taint transfers for application-class String accessors; String-only to stay precise.
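
As an added illustration (not the project's code), a toy Python model of the rule above: a String setter fed tainted data taints the bean, a String getter on a tainted bean returns taint, and a non-String accessor does neither. The tuple program encoding, the SearchForm class and the jdbcTemplate.query sink name are constructed for the example.

```python
# Toy model of the release note's rule: a String setter taints the bean, a
# tainted bean's String getter returns taint, non-String accessors are ignored.
# Constructed illustration, not the project's engine.
from dataclasses import dataclass

@dataclass
class Value:
    type_name: str          # declared Java type, e.g. "String" or "int"
    tainted: bool = False

@dataclass
class Bean:
    cls: str                # application class, e.g. "SearchForm"
    tainted: bool = False   # tracked on the whole container, not per field

def call_setter(bean: Bean, arg: Value) -> None:
    """A String setter called with a tainted argument taints the bean."""
    if arg.type_name == "String" and arg.tainted:
        bean.tainted = True

def call_getter(bean: Bean, return_type: str) -> Value:
    """A String getter on a tainted bean returns a tainted value."""
    return Value(return_type, bean.tainted and return_type == "String")

def analyse(program):
    """Walk a straight-line program (tuples) and return sinks reached by taint."""
    env, findings = {}, []
    for op, *a in program:
        if op == "source":                 # ("source", var): request data
            env[a[0]] = Value("String", tainted=True)
        elif op == "const":                # ("const", var, type): clean literal
            env[a[0]] = Value(a[1])
        elif op == "new":                  # ("new", var, class)
            env[a[0]] = Bean(a[1])
        elif op == "set":                  # ("set", bean, arg): bean.setX(arg)
            call_setter(env[a[0]], env[a[1]])
        elif op == "get":                  # ("get", var, bean, return_type)
            env[a[0]] = call_getter(env[a[1]], a[2])
        elif op == "sink" and env[a[1]].tainted:   # ("sink", name, arg)
            findings.append(a[0])
    return findings

# controller -> form.setTerm(input) -> form.getTerm() -> SQL, the note's flow
VULNERABLE = [("source", "input"), ("new", "form", "SearchForm"),
              ("set", "form", "input"), ("get", "q", "form", "String"),
              ("sink", "jdbcTemplate.query", "q")]
# same shape, but the setter takes an int literal, so the bean stays clean
CLEAN = [("const", "page", "int"), ("new", "form", "SearchForm"),
         ("set", "form", "page"), ("get", "q", "form", "String"),
         ("sink", "jdbcTemplate.query", "q")]
```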

Precision verified: on spring-petclinic-rest this generates 1303 accessor transfers and still reports 0 false positives — it does not over-taint real, clean code.

Benchmark: 36 vulnerable cases (35 by the taint engine alone, 0 FP).