Java: Allow taint-read-steps for array sources.

[aschackmull]

Certain read steps are also allowed as taint steps, i.e. they treat a tainted object as if all of its fields are tainted as well. This applies to "entrypoint types", i.e. the types of the flow sources from the active threat model. This PR adds array elements to the set of entrypoint types, so that if a source has type Foo[] then reading fields of Foo will be considered default taint steps.

A recent test case from a support issue highlighted that this was missing.

[Copilot]

Pull Request Overview

This PR extends taint tracking functionality in Java to include array elements as entrypoint types. This allows taint to flow through field reads of array element types when the array itself is a flow source from the active threat model.

• Adds array element types to the set of entrypoint types for taint tracking
• Enables field reads on array element types to be treated as taint steps
• Addresses a gap identified through a recent support case

[owen-mc]

I think it would be worth adding a test for this. And maybe a change note - even though it is quite technical, if end users start getting more results and want to figure out why, it would be good for them to be able to find an explanation.

[aschackmull]

Mainly one project gets more flow, which also shows in the timings, but otherwise dca is fairly quiet.