This PR enables diff-informed mode on queries that select a location other than dataflow source or sink. This entails adding a non-trivial location override that returns the locations that are actually selected.

Prior work includes PRs like#19663,#19759, and#19817. This PR uses the same patch script as those PRs to find candidate queries to convert to diff-enabled. This is the final step in mass-enabling diff-informed queries on all the languages.

Commit-by-commit reviewing is recommended.

• I have split the commits that add/modify tests from the ones that enable/disable diff-informed queries.
• If the commit modifies a .qll file, in the commit message I've included links to the queries that depend on that .qll for easier reviewing.
• Feel free to delegate parts of the review to others who may be more specialized in certain languages.

Potentially tricky cases:

• [TEST] C++: CWE-020/ExternalAPI: add tests based on qlhelp: I wasn't able to get alerts to show up for the qhelp-based tests; can someone from the language team chip in to what a useful test would look like? Similar case with thePython TimingAttackAgainstHash test. In contrast, in[TEST] Java: CWE-020/ExternalAPI I was able to get alerts just from the qhelp example, and in[TEST] C++: CleartextSqliteDatabase I was able to get alerts from a mostly Copilot-written test.
• [DIFF-INFORMED] C++: (IR) ExternalAPIs: config used in two queries, but one of them without a location; I guess that's fine?
• [DIFF-INFORMED] C++: SSLResultConflation: query uses a secondary config (i.e. calls the same config twice), but this does pass tests, unlike the other queries with secondary configs. Can I get a sanity check here? Let me know if you find other cases of secondary configs that are passing tests.
• [DIFF-INFORMED] Java: LogInjection: disabled because of mysterious OOM during--check-diff-informed locally and in CI. Should create a follow-up issue.
• I'm not sure how important it is to have the location overrides be as precise as possible by including all the clauses from thewhere, or if it's good enough to overapproximate and just pass the--check-diff-informed tests.