Python: Improve full/partial SSRF split

Now full-ssrf will only alert if **all** URL parts are fully
user-controlled.

python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql

@@ -15,12 +15,11 @@ import semmle.python.security.dataflow.ServerSideRequestForgery
 import DataFlow::PathGraph
 
 from
-  FullServerSideRequestForgery::Configuration fullConfig,
   PartialServerSideRequestForgery::Configuration partialConfig, DataFlow::PathNode source,
   DataFlow::PathNode sink, HTTP::Client::Request request
 where
   request = sink.getNode().(PartialServerSideRequestForgery::Sink).getRequest() and
   partialConfig.hasFlowPath(source, sink) and
-  not fullConfig.hasFlow(source.getNode(), sink.getNode())
+  not fullyControlledRequest(request)
 select request, source, sink, "Part of the URL of this request depends on $@.", source.getNode(),
   "a user-provided value"