add tests for the fixes in the qhelp, and fix an FP that appeared

ruby/ql/lib/codeql/ruby/ast/internal/Constant.qll

@@ -560,6 +560,11 @@ private predicate isArrayExpr(Expr e, ArrayLiteralCfgNode arr) {
   // Note(hmac): I don't think this is necessary, as `getSource` will not return
   // results if the source is a phi node.
   forex(ExprCfgNode n | n = e.getAControlFlowNode() | isArrayConstant(n, arr))
+  or
+  // if `e` is an array, then `e.freeze` is also an array
+  e instanceof MethodCall and
+  e.(MethodCall).getMethodName() = "freeze" and
+  isArrayExpr(e.(MethodCall).getReceiver(), arr)
 }
 
 private class TokenConstantAccess extends ConstantAccess, TTokenConstantAccess {

ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll

@@ -83,6 +83,12 @@ module UrlRedirect {
    */
   class StringConstCompareAsSanitizer extends Sanitizer, StringConstCompareBarrier { }
 
+  /**
+   * A string concatenation against a constant list, considered as a sanitizer-guard.
+   */
+  class StringConstArrayInclusionAsSanitizer extends Sanitizer, StringConstArrayInclusionCallBarrier
+  { }
+
   /**
    * Some methods will propagate taint to their return values.
    * Here we cover a few common ones related to `ActionController::Parameters`.