Add tests for cross-function analysis

[mlevesquedion]

(This PR is intended as a precursor to #57 to reduce the diff.)

This PR adds tests for cross-function analysis. It covers the basic functionality of determining what a function does with its arguments, i.e. 1. do they reach a sink, 2. what return values do they reach. It also covers cycles in the call graph, as well as calls to functions from imported packages.

A want comment such as this:

SinkWrapper:"genericFunc{ sinks: <0>, taints: <<> <0>> }"

Means that we expect a Fact to be attached to the SinkWrapper function. The Fact says that this is a generic function whose first (0th) argument reaches a sink and does not reach any of its return values, while its second argument does not reach a sink, but it does reach the function's first (0th) return value.

The following are not covered:

• Methods
• Tainting of colocated arguments, e.g. fmt.Fprintf(w, Source{})

(I think for a first stab at cross-function analysis, handling those is out of scope.)

• Tests pass
• Appropriate changes to README are included in PR