Phase 1 (#33)

* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs

tests/fixtures/patterns/java/negative.java

@@ -0,0 +1,22 @@
+import java.sql.*;
+import java.security.SecureRandom;
+
+class Negative {
+    // Safe: parameterized query
+    void safeQuery(Connection conn, String user) throws Exception {
+        PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
+        ps.setString(1, user);
+        ResultSet rs = ps.executeQuery();
+    }
+
+    // Safe: SecureRandom instead of Random
+    void safeRandom() {
+        SecureRandom sr = new SecureRandom();
+        int token = sr.nextInt();
+    }
+
+    // Safe: no concatenation in SQL
+    void safeLiteralQuery(Statement stmt) throws Exception {
+        stmt.executeQuery("SELECT COUNT(*) FROM users");
+    }
+}