kevinmartin

Adds the ability to raw "escape" by calling any SqlString.fn.* property as a function.

It takes the Proxy example from mysqljs#9 and merges it directly into the library.

It only works on Node.js v6+ (according to node.green), but there is a check so that users of lower versions can use the library (without SqlString.fn.* support), which is a con mysqljs#9 didn't have.

Examples:

```js
const a = SqlString.fn.POINT(123, 456);
const b = SqlString.fn.CURRENT_TIMESTAMP();
const c = SqlString.fn.CONCAT(SqlString.fn.UPPER('abc'), SqlString.fn.LOWER('ABC'));

SqlString.escape(a); // -> POINT(123, 456)
SqlString.escape(b); // -> CURRENT_TIMESTAMP()
SqlString.escape(c); // -> CONCAT(UPPER("abc"), LOWER("ABC"))
```

Should be a lot more secure than mysqljs#9, since the escape function checks if the value from the SqlString.fn.* call is an instance of an internal function class (SqlFunction) that doesn't get exported. It also escapes all arguments.

Playing (security) devil's advocate:

  • If someone has external influence on SqlString.fn or SqlString.escape, you're screwed.
  • If someone has external influence on Array.prototype.map, you're screwed.
  • If someone has external influence on the global Proxy class, you're screwed.
  • If someone has external influence on your app, you're screwed.

@kevinmartin kevinmartin closed this Dec 1, 2016
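A self-contained sketch of the mechanism the PR describes, added here as an example and not the sqlstring project's own code: a module-private `SqlFunction` class, a `Proxy` that turns `fn.NAME(...)` into one, and an `escape` that emits only genuine `SqlFunction` instances raw while escaping every argument. The identifier check on the function name and the reduced string escaper are assumptions of this sketch; a look-alike plain object is shown being escaped as data rather than emitted as SQL.

```javascript
// Added example, not the sqlstring project's own code. Only instances of the
// module-private SqlFunction class are emitted raw; arguments are escaped recursively.
class SqlFunction {
  constructor(name, args) { this.name = name; this.args = args; }
}
// Only bare identifiers are accepted as function names (assumption of this sketch).
const FN_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;
// String-literal escaping in the style of sqlstring (subset, for this example).
function escapeString(val) {
  const body = String(val).replace(/[\0\b\t\n\r\x1a'"\\]/g, function (ch) {
    switch (ch) {
      case '\0': return '\\0';
      case '\b': return '\\b';
      case '\t': return '\\t';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\x1a': return '\\Z';
      case '\\': return '\\\\';
      default: return '\\' + ch;
    }
  });
  return "'" + body + "'";
}
function escape(val) {
  if (val === undefined || val === null) return 'NULL';
  if (typeof val === 'number') return String(val);
  if (typeof val === 'boolean') return val ? 'true' : 'false';
  // The instanceof check is the gate: a look-alike object from user input
  // (e.g. parsed JSON with name/args fields) is not a SqlFunction.
  if (val instanceof SqlFunction) {
    return val.name + '(' + val.args.map(escape).join(', ') + ')';
  }
  if (Array.isArray(val)) return val.map(escape).join(', ');
  if (typeof val === 'object') {
    // Plain objects become `key = value` pairs, as sqlstring does.
    return Object.keys(val).map(k => k + ' = ' + escape(val[k])).join(', ');
  }
  return escapeString(val);
}
// fn.ANY_NAME(...) is resolved by the Proxy into a SqlFunction.
const fn = new Proxy(Object.create(null), {
  get(_target, prop) {
    if (typeof prop !== 'string' || !FN_NAME.test(prop)) {
      throw new TypeError('invalid SQL function name: ' + String(prop));
    }
    return (...args) => new SqlFunction(prop, args);
  }
});
```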