[analyzer] Taint: warn when tainted data is used to specify a buffer

size (Ex: in malloc, memcpy, strncpy..)

(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)

llvm-svn: 148371