Ruby: Restrict GraphQL remote flow sources

Previously we considered any splat parameter in a graphql resolver to be
a remote flow source. Now we limit that to reads of the parameter which
yield scalar types (e.g. String), as defined by the GraphQL schema.

This should reduce GraphQL false positives.

ruby/ql/test/library-tests/frameworks/graphql/app/graphql/types/base_enum.rb

@@ -0,0 +1,2 @@
+class Types::BaseEnum < GraphQL::Schema::Enum
+end

ruby/ql/test/library-tests/frameworks/graphql/app/graphql/types/media_category.rb

@@ -0,0 +1,8 @@
+module Types
+  class MediaCategory < Types::BaseEnum
+    value "AUDIO", "An audio file, such as music or spoken word"
+    value "IMAGE", "A still image, such as a photo or graphic"
+    value "TEXT", "Written words"
+    value "VIDEO", "Motion picture, may have audio"
+  end
+end

ruby/ql/test/library-tests/frameworks/graphql/app/graphql/types/post.rb

@@ -0,0 +1,7 @@
+class Types::Post < GraphQL::Schema::Object
+    field :title, String
+    field :body, String, null: false
+    field :media_category, Types::MediaCategory, null: false
+  end
+end
+  

ruby/ql/test/library-tests/frameworks/graphql/app/graphql/types/query_type.rb

@@ -42,5 +42,23 @@ module Types
     def foo(arg)
       system("echo #{arg}")
     end
+
+    field :with_enum, String, null: false, description: "A field with an enum argument" do
+      argument :enum, Types::MediaCategory, "An enum", required: true
+      argument :arg2, String, "Another arg", required: true
+    end
+    def with_enum(**args)
+      system("echo #{args[:enum]}")
+      system("echo #{args[:arg2]}")
+    end
+
+    field :with_nested_enum, String, null: false, description: "A field with a nested enum argument" do
+      argument :inner, Types::Post, "Post", required: true
+    end
+    def with_nested_enum(**args)
+      system("echo #{args[:inner]}")
+      system("echo #{args[:inner][:title]}")
+      system("echo #{args[:inner][:media_category]}")
+    end
   end
 end