Check right-hand side expr for literals when looking for hard-coded
credentials. This is to avoid issuing warnings for cases where a
password, token, etc. is read from a file or a terminal.
This prevents the string concat tests flagging a false positive if
joining two literal strings (eg "SELECT * FROM " + " table" ... )
or with a constant (eg const tab = "name"; "SELECT * from " + tab)
Go code running under CGI is vulnerable to httpoxy attack. See
https://httpoxy.org/ this checks for an import of net/http/cgi
that might indicate code may be run under CGI.
closes#1
