JavaScript: Lift call graph library to data flow graph.

[xiemaisi]

This PR lifts CallSite from the AST to the data flow graph by adding the relevant API to DataFlow::InvokeNode.

Among other things, this necessitates a change in our handling of spread arguments: InvokeNode.getArgument(i) is now only defined if there isn't a spread argument at or before position i, and similarly for getNumArgument. This is different from InvokeExpr.getArgument, but I think it's almost always what we want.

In addition to AST-based call nodes, we introduce new reflective call nodes representing the reflective call happening at a .call or .apply invocation. I've separated the abstract classes we need to present a unified interface for explicit and reflective calls from the concrete classes we use to classify the various kinds of calls and invocations. In particular, this allows us to keep InvokeNode and its subclasses concrete.

There is a performance overhead (internal link). The source of the slowdown wasn't obvious from the logs, so I tried adding a bit of explicit caching here and there, but none of that made any difference. I still have a few more ideas, but for now perhaps we'll need to merge this as-is to unblock further data flow graph development.

Results are almost unchanged, except for two new TPs that arise from the fact that we now allow ourselves to interpret f.apply as a call to a method apply of f if it exists (previously ReflectiveCallSite overrode getACallee, causing us to always consider it as a reflective call).

[ghost]

This still LGTM, as discussed internally.