JS: Add class harness to recover localFieldStep edges

[asgerf]

Synthesizes a callable for each class, which invokes the class constructor and every
instance method with the same value of this.

This ensures flow between methods in a class when the source originated "within the class",
but not when the flow into the field came from an argument.

For example:

class C {
  constructor(arg) {
    this.x = sourceOfTaint();
    this.y = arg;
  }
  method() {
    sink(this.x); // sourceOfTaint() flows here
    sink(this.y); // but 'arg' does not flow here (only through real call sites)
  }
}

The class harness for a class C can roughly be thought of as the following code:

function classHarness() {
  var c = new C();
  while (true) {
    // call an arbitrary instance methods in the loop
    c.arbitraryInstaceMethod();
  }
}

This is realized with the following data flow graph:

[Call to constructor]
    |
    | post-update for 'this' argument
    V
[Data flow node]   <----------------------+
    |                                     |
    | 'this' argument                     | post-update for 'this' argument
    V                                     |
 [Call to an instance method]  -----------+

Evaluation shows an 85% slowdown in vscode, so more work is needed before this can be merged.