Auto-fix suggestions: suggest concrete fixes for taint findings #61

@peaktwilight

Description

Problem

When foxguard fires `py/taint-sql-injection`, the developer knows what's wrong but has to figure out how to fix it themselves. For common vulnerability patterns, the fix is well-known and mechanical:

  • SQL injection → parameterized queries
  • Command injection → `shlex.quote` / argument arrays
  • XSS → HTML escaping / template auto-escape
  • SSRF → URL allowlisting
  • Eval → remove eval, use safe alternatives
  • Pickle → use JSON or MessagePack

Suggesting the fix inline would turn foxguard from "it tells you what's wrong" into "it tells you how to fix it."

Proposal

For each taint rule, add a `fix_suggestion` field that contains:

  1. A one-line human-readable description of what to do
  2. Optionally, a concrete code snippet showing the safe pattern

Surface the suggestion in:

  • Terminal output — print below the finding when `--explain` is used (see --explain flag: show source → sink dataflow trace on taint findings #47)
  • SARIF output — populate the `fix` field so GitHub Code Scanning shows "Suggested fix" inline in PRs
  • JSON output — include `fix_suggestion` in the finding object
  • VS Code extension — show as a Quick Fix action (longer term)

Examples

```
src/routes.py:42 CRITICAL py/taint-sql-injection (CWE-89)
flask.request.args reaches cursor.execute — untrusted input can inject SQL

Fix: use parameterized queries instead of string concatenation
cur.execute("SELECT * FROM users WHERE name = ?", (name,))
```

Scope

  • In: fix suggestions for all existing taint rules (Python, JS, Go), terminal + JSON + SARIF output
  • Out: auto-apply (actually rewriting the code) — that's a separate feature. VS Code Quick Fix — separate issue.

Priority

Medium. High user-facing value but not blocking anything else.
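The proposal above, sketched as an added example that is not foxguard's own code: a `fix_suggestion` table keyed by rule id, rendered into the three outputs the issue lists (terminal under `--explain`, a JSON finding object, and a SARIF result carrying a `fixes` entry). The rule ids, the `Finding` shape and the choice to express the SARIF edit as a replacement of the sink line are assumptions for illustration.

```python
from dataclasses import dataclass, asdict

# Constructed fix_suggestion table keyed by foxguard-style rule ids (illustrative entries).
FIX_SUGGESTIONS = {
    "py/taint-sql-injection": (
        "use parameterized queries instead of string concatenation",
        'cur.execute("SELECT * FROM users WHERE name = ?", (name,))'),
    "py/taint-command-injection": (
        "pass subprocess an argument list, not a shell string",
        'subprocess.run(["ls", "-l", path])'),
}

@dataclass
class Finding:
    rule_id: str
    path: str
    line: int
    severity: str
    cwe: str
    message: str

def render_terminal(f, explain=False):
    """Finding header and message; the fix lines are appended only under --explain."""
    out = [f"{f.path}:{f.line} {f.severity} {f.rule_id} ({f.cwe})", f.message]
    fix = FIX_SUGGESTIONS.get(f.rule_id)
    if explain and fix:
        out += ["", f"Fix: {fix[0]}", fix[1]]
    return "\n".join(out)

def to_json(f):
    """JSON finding object; fix_suggestion is present only when the rule has one."""
    d = asdict(f)
    fix = FIX_SUGGESTIONS.get(f.rule_id)
    if fix:
        d["fix_suggestion"] = {"description": fix[0], "snippet": fix[1]}
    return d

def to_sarif_result(f):
    """SARIF 2.1.0 result; the suggested edit replaces the sink line (an assumption)."""
    r = {"ruleId": f.rule_id, "message": {"text": f.message},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": f.path},
                                             "region": {"startLine": f.line}}}]}
    fix = FIX_SUGGESTIONS.get(f.rule_id)
    if fix:
        r["fixes"] = [{"description": {"text": fix[0]}, "artifactChanges": [{
            "artifactLocation": {"uri": f.path},
            "replacements": [{"deletedRegion": {"startLine": f.line},
                              "insertedContent": {"text": fix[1]}}]}]}]
    return r
```

Rules without an entry in the table fall through unchanged in all three outputs, so adding suggestions rule by rule does not alter existing findings.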