Initial security type checking.

[rictic]

This adds basic support for type checking code with Safe Types sanitization in place. This can be trivially extended to support checking with Trusted Types, but I'm starting simple.

Trusted Types is also still working through the standards process, so I don't want to ship anything prematurely here. See the conversation at https://groups.google.com/a/chromium.org/g/blink-dev/c/Il-wfnw9TAw

Fixes #28

[rictic]

There's something slightly odd going on, at least when I run this locally. The analyzer doesn't seem to know about any properties on the <script> element. It knows about attributes, but not properties. This is a regression (and very possibly a result of my local environment being in a weird state). I haven't yet tracked down what's going on in any detail.

[rictic]

Also may depend on runem/ts-simple-type#56

[aomarks]

Does this come straight from a user config file, or can we assume it's validated as a partial config already? (Otherwise should this validate and throw?)

[rictic]

Following convention here, I didn't throw. Added some validation, since I didn't see other validation. @runem what do you think?

[runem]

The configuration given to lit-analyzer is not validated as of now. First of all, I think the CLI should throw on invalid values, but ts-lit-plugin should only log warnings (no reason to crash when running in the IDE).

Therefore, I think that we should implement one of these solutions:
a. export a validateConfig function that validates the raw, partial config.
b. extend makeConfig with an option to assert values (perhaps a callback that is called on invalid config values).

I also think makeConfig should properly fall back to default values when encountering an invalid value (which it doesn't do for all attributes right now).

I created an issue for it here #65 so that it can be done in a future, separate PR 👍

[runem]

Looks great, thanks! I'll merge this PR now 👍