Split from T221477.

These are simple "toolboxes" for developers to easily run security-related tooling, mostly to capture low-hanging fruit and provide baseline analyses. These are not in any way to be thought of as capable of performing exhaustive security reviews by themselves. They are in various states of development and I've been using some of them during security reviews. The goal here is to polish these and eventually push to wikimedia/security/tooling.

• JavaScript
  • npm audit
  • retirejs
  • NodeJsScan
  • SonarJS
  • js-tajs
  • deepscan (likely not a contender given its model)
  • snyk
  • cve search?
  • "bad" js pattern grepper