Python: Limit RequestInputAccess to immediate uses

This fixes some spurious results that occurred when we considered
_any_ use of `request.something` to be a source, even ones we had
tracked into other functions. To prevent this, using
`getAnImmediateUse` better captures the fact that we want the source
to be just the actual attribute access.

python/ql/src/semmle/python/frameworks/Flask.qll

@@ -312,7 +312,7 @@ private module FlaskModel {
 
     RequestInputAccess() {
       // attributes
-      this = flask::request().getMember(attr_name).getAUse() and
+      this = flask::request().getMember(attr_name).getAnImmediateUse() and
       attr_name in [
           // str
           "path", "full_path", "base_url", "url", "access_control_request_method",