Right now we run them in separate jobs because taint-check is still sort of experimental, and because it was built on top of an old version of phan. However, things have changed in the meanwhile, and IMHO we're ready for that step. Notably, this would have two benefits:
- We would avoid the `extra` key in composer.json for seccheck
- We'd use less CI resources (running one phan job instead of two)
This is necessary because otherwise we'd have to require two (possibly different) versions of phan in composer.json (see T235053#5571224 for details).
In order to resolve this task, we should first release 3.0.0 (T235383), which uses the same version as mw-phan does right now. Then require it from mw-phan's composer.json and release a new version of mw-phan. Then cleanup CI config/dockerfiles.