mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
Python: Exclude AF_UNIX sockets from BindToAllInterfaces
Looking at the results of the previous DCA run, there were a bunch of false positives where `bind` was being used with an `AF_UNIX` socket (a filesystem path encoded as a string), not a `(host, port)` tuple. These results should be excluded from the query, as they are not vulnerable. Ideally, we would just add `.TupleElement[0]` to the MaD sink, except we don't actually support this in Python MaD... So, instead I opted for a more low-tech solution: check that the argument in question flows from a tuple in the local scope. This eliminates a bunch of false positives on `python/cpython`, leaving behind four true positive results.
@@ -60,4 +60,5 @@ nodes
| BindToAllInterfaces_test.py:53:10:53:25 | ControlFlowNode for Tuple | semmle.label | ControlFlowNode for Tuple |
| BindToAllInterfaces_test.py:58:10:58:18 | ControlFlowNode for StringLiteral | semmle.label | ControlFlowNode for StringLiteral |
| BindToAllInterfaces_test.py:58:10:58:25 | ControlFlowNode for Tuple | semmle.label | ControlFlowNode for Tuple |
| BindToAllInterfaces_test.py:62:9:62:10 | ControlFlowNode for StringLiteral | semmle.label | ControlFlowNode for StringLiteral |
subpaths
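Review bot: the new `nodes` entry `BindToAllInterfaces_test.py:62:9:62:10 | ControlFlowNode for StringLiteral` is the `''` argument of the AF_UNIX `bind` call that this commit says should not be flagged; a node at that location means the literal still takes part in the path graph, so please confirm that the `#select` section (not in this hunk) gains no row for line 62, otherwise the exclusion is not effective and the expected file is merely recording the false positive. The unchanged entries for lines 53 and 58 show the earlier test cases are untouched.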
@@ -56,3 +56,7 @@ gs.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
from eventlet.green import socket as esocket
es = esocket.socket(esocket.AF_INET, esocket.SOCK_STREAM)
es.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
# AF_UNIX socket binding should not be flagged
us = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
us.bind('')
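Review bot: the negative case only covers a bare `''` address passed directly to `bind`; since the exclusion works by checking that the argument flows from a tuple in the local scope, the test should also include a positive case where the tuple is first assigned to a local variable (for example `addr = ('0.0.0.0', 31137)` followed by `s.bind(addr)  # $ Alert[py/bind-socket-all-network-interfaces]`, a constructed suggestion) to confirm the stricter sink does not lose results that reach `bind` through a variable, and an AF_UNIX case with a filesystem path literal (such as a constructed `'/tmp/example.sock'`), which is the form the commit message describes. The `esocket` lines above are unchanged context.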