Add multi-language AST-pattern scanning support

- Introduced `patterns` module with language-specific vulnerability patterns.
- Added `query_cache` utility for caching compiled queries.
- Expanded `scan.rs` to support scanning multiple languages dynamically.
- Updated `Cargo.toml` with additional tree-sitter dependencies.
- Added severity filtering to `ScannerConfig` for better configuration.

src/patterns/php.rs

@@ -0,0 +1,40 @@
+use crate::patterns::{Pattern, Severity};
+
+pub const PATTERNS: &[Pattern] = &[
+  Pattern {
+    id: "eval_call",
+    description: "eval($code) execution",
+    query: "(function_call_expression function: (name) @n (#eq? @n \"eval\")) @vuln",
+    severity: Severity::High,
+  },
+  Pattern {
+    id: "preg_replace_e",
+    description: "preg_replace with deprecated /e modifier",
+    query: "(function_call_expression function: (name) @n (#eq? @n \"preg_replace\") arguments: (arguments (string) @pat (#match? @pat \"/.*e.*$/\"))) @vuln",
+    severity: Severity::High,
+  },
+  Pattern {
+    id: "create_function",
+    description: "create_function(...) anonymous eval-like",
+    query: "(function_call_expression function: (name) @n (#eq? @n \"create_function\")) @vuln",
+    severity: Severity::Medium,
+  },
+  Pattern {
+    id: "unserialize_call",
+    description: "unserialize(...) on user input",
+    query: "(function_call_expression function: (name) @n (#eq? @n \"unserialize\")) @vuln",
+    severity: Severity::High,
+  },
+  Pattern {
+    id: "mysql_query_concat",
+    description: "mysql_query with concatenated SQL",
+    query: "(function_call_expression function: (name) @n (#eq? @n \"mysql_query\") arguments: (arguments (binary_expression) @concat)) @vuln",
+    severity: Severity::Medium,
+  },
+  Pattern {
+    id: "system_call",
+    description: "system()/shell_exec()/exec() command execution",
+    query: "(function_call_expression function: (name) @n (#match? @n \"system|shell_exec|exec|passthru\")) @vuln",
+    severity: Severity::Medium,
+  },
+];