Fix flow out of varargs param with models-as-data

This still doesn't allow for a variadic out parameter to be defined as
a source using MaD. This is due to the lack of an implicit store step
at sources, to match implicit read steps at sinks.

go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll

@@ -66,6 +66,11 @@ predicate containerReadStep(Node node1, Node node2, Content c) {
     (
       node2.(Read).readsElement(node1, _)
       or
+      exists(ImplicitVarargsSlice ivs |
+        node1.(PostUpdateNode).getPreUpdateNode() = ivs and
+        node2.(PostUpdateNode).getPreUpdateNode() = ivs.getCallNode().getAnImplicitVarargsArgument()
+      )
+      or
       node2.(RangeElementNode).getBase() = node1
       or
       // To model data flow from array elements of the base of a `SliceNode` to

go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll

@@ -845,6 +845,9 @@ module Public {
         or
         preupd = getAWrittenNode()
         or
+        preupd instanceof ImplicitVarargsSlice and
+        mutableType(preupd.(ImplicitVarargsSlice).getType().(SliceType).getElementType())
+        or
         preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and
         mutableType(preupd.getType())
       ) and

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go

@@ -29,8 +29,8 @@ func main() {
 	var out1 *string
 	var out2 *string
 	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
+	sink(out1) // $ hasValueFlow="out1"
+	sink(out2) // $ hasValueFlow="out2"
 
 	sliceOfStructs := []test.A{{Field: source()}}
 	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"