[analyzer][docs] Add CSA release notes

We'll soon branch off, and start releasing clang-17.
Here is a patch, adjusting the release notes for what we achieved since
the last release.

I used this command to inspect the interesting commits:
```
git log --oneline llvmorg-16.0.0..llvm/main \
  clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | \
  grep -v NFC | grep -v -i revert
```

This filters in CSA directories and filters out NFC and revert commits.

Given that in the release-notes, we usually don't put links to commits,
I'll remove them from this patch as well. I just put them there to make
it easier to review for you.

I tried to group the changes into meaningful chunks, and dropped some of
the uninteresting commits.
I've also dropped the commits that were backported to clang-16.

Check out how it looks, and propose changes like usual.

---

FYI the `ninja docs-clang-html` produces the html docs, including the `ReleaseNotes`.
And the produced artifact will be at `build/tools/clang/docs/html/ReleaseNotes.html`.

Differential Revision: https://reviews.llvm.org/D155445

clang/docs/ReleaseNotes.rst

@@ -1002,10 +1002,73 @@ libclang
 
 Static Analyzer
 ---------------
+
 - Fix incorrect alignment attribute on the this parameter of certain
   non-complete destructors when using the Microsoft ABI.
   (`#60465 <https://github.com/llvm/llvm-project/issues/60465>`_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  Use `-fstrict-flex-arrays=<n>
+  <https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-fstrict-flex-arrays>`_
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+
+- Fixed some bugs (including crashes) around the handling of constant global
+  arrays and their initializer expressions.
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the arguments of ``strcpy`` are
+  known to be of certain lengths and that are in-bounds.
+
+   .. code-block:: c++
+
+    struct {
+      void *ptr;
+      char arr[4];
+    } x;
+    x.ptr = malloc(1);
+    // extent of 'arr' is 4, and writing "hi\n" (4 characters),
+    // thus no buffer overflow can happen
+    strcpy(x.arr, "hi\n");
+    free(x.ptr); // no longer reports memory leak here
+
+  Similarly, functions like ``strsep`` now won't invalidate the object
+  containing the destination buffer, because it can never overflow.
+  Note that, ``std::copy`` is still not modeled, and as such, it will still
+  invalidate the enclosing object on call.
+  (`#55019 <https://github.com/llvm/llvm-project/issues/55019>`_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+  The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+  ``snprintf``.
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+  ``_Nullable`` including block pointers and literal objects.
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+  ``StdCLibraryFunctions``.
+  ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``,
+  ``SEEK_END``, ``SEEK_CUR`` arguments.
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+  the ``MallocChecker``.
+  (`#39713 <https://github.com/llvm/llvm-project/issues/39713>`_)
+
+- Fixed the infamous unsigned index false-positives in the
+  ``ArrayBoundCheckerV2`` checker.
+  (`#44493 <https://github.com/llvm/llvm-project/issues/44493>`_)
+
+- Now, taint propagations are tracked further back until the real taint source.
+  This improves all taint-related diagnostics.
+
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+
 .. _release-notes-sanitizers:
 
 Sanitizers