Commit baf0dcf
fix(taint): gate *http.Request auto-taint on entry-point detection (#1630)
* fix(taint): gate *http.Request auto-taint on entry-point detection (#1629)
isParameterTainted unconditionally tainted any *http.Request parameter by
type, even when the function had known callers passing constant-URL requests.
Check the CHA call graph first: only auto-taint when the function has no
in-edges (true external entry point). When callers exist, fall through to
the existing caller-verification loop instead.
Fixes #1629
* Address Barry AI Security Analysis
* improve code coverage
* fix lint
* taint mechanism, framework agnostic
* address lint warning
1 parent fa4824c commit baf0dcf
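The gating rule the commit message describes, as an added example that is not the project's code: a function taking `*http.Request` is tainted by type only when nothing calls it, and is otherwise left to caller verification. `Classify`, `sample` and the name-based in-edge count (a simplification standing in for the CHA call graph) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample: handle has no in-package caller; fetch is only called by poll.
const sample = `package demo
import "net/http"
func handle(w http.ResponseWriter, r *http.Request) { _ = r.URL.Query() }
func fetch(r *http.Request) { http.DefaultClient.Do(r) }
func poll() { r, _ := http.NewRequest("GET", "https://example.invalid/health", nil); fetch(r) }`

// Classify (hypothetical helper): in-edges are counted by direct call name, a stand-in for a CHA graph.
func Classify(src string) (map[string]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "demo.go", src, 0)
	if err != nil {
		return nil, err
	}
	inEdges, takesReq := map[string]int{}, []string{}
	ast.Inspect(f, func(n ast.Node) bool {
		switch v := n.(type) {
		case *ast.CallExpr:
			if id, ok := v.Fun.(*ast.Ident); ok {
				inEdges[id.Name]++ // edge: some caller -> id.Name
			}
		case *ast.FuncDecl:
			for _, p := range v.Type.Params.List {
				if types.ExprString(p.Type) == "*http.Request" {
					takesReq = append(takesReq, v.Name.Name)
				}
			}
		}
		return true
	})
	verdict := map[bool]string{true: "auto-taint", false: "verify-callers"} // keyed by "has no in-edges"
	out := map[string]string{}
	for _, name := range takesReq {
		out[name] = verdict[inEdges[name] == 0]
	}
	return out, nil
}

func main() {
	out, err := Classify(sample)
	fmt.Println(out, err)
}
```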
3 files changed, +672 -11 lines changed
File tree:
- taint
- testutils