Fix modelling of Stack.push

Stack.push(E) returns its argument, it does not propagate taint from
the stack to the return value.

java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll

@@ -127,7 +127,7 @@ private predicate taintPreservingQualifierToMethod(Method m) {
   m.(CollectionMethod).hasName(["elementAt", "elements", "firstElement", "lastElement"])
   or
   // java.util.Stack
-  m.(CollectionMethod).hasName(["peek", "pop", "push"])
+  m.(CollectionMethod).hasName(["peek", "pop"])
   or
   // java.util.Queue
   m.(CollectionMethod).hasName(["element", "poll"])
@@ -269,6 +269,9 @@ private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
  * `arg`th argument is tainted.
  */
 private predicate taintPreservingArgumentToMethod(Method method, int arg) {
+  // java.util.Stack
+  method.(CollectionMethod).hasName("push") and arg = 0
+  or
   method.getDeclaringType().hasQualifiedName("java.util", "Collections") and
   (
     method