Python: Add SSRF qhelp

I included examples of both types in the qhelp of both queries, to
provide context of what each of them actually are.

python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_full.py

@@ -0,0 +1,15 @@
+import requests
+from flask import Flask, request
+
+app = Flask(__name__)
+
+@app.route("/full_ssrf")
+def full_ssrf():
+    target = request.args["target"]
+
+    # BAD: user has full control of URL
+    resp = request.get("https://" + target + ".example.com/data/")
+
+    # GOOD: `subdomain` is controlled by the server.
+    subdomain = "europe" if target == "EU" else "world"
+    resp = request.get("https://" + subdomain + ".example.com/data/")

python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_partial.py

@@ -0,0 +1,15 @@
+import requests
+from flask import Flask, request
+
+app = Flask(__name__)
+
+@app.route("/partial_ssrf")
+def partial_ssrf():
+    user_id = request.args["user_id"]
+
+    # BAD: user can fully control the path component of the URL
+    resp = requests.get("https://api.example.com/user_info/" + user_id)
+
+    if user_id.isalnum():
+        # GOOD: user_id is restricted to be alpha-numeric, and cannot alter path component of URL
+        resp = requests.get("https://api.example.com/user_info/" + user_id)