C++: restore flow for non-class partial reads

This would otherwise have lost a good qltest result at
CWE-134/semmle/funcs/funcsLocal.c:58:9:58:10

cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll

@@ -199,6 +199,17 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {
   // Flow through pointer dereference
   i2.(LoadInstruction).getSourceAddress() = i1
   or
+  // Flow through partial reads of arrays, unions, and pointer parameters
+  // TODO: `UnknownType` includes *all* pointer parameters. We only want
+  // array-like pointer parameters
+  i2.(LoadInstruction).getSourceValueOperand().getAnyDef() = i1 and
+  not i1.isResultConflated() and
+  (
+    i1.getResultType() instanceof ArrayType or
+    i1.getResultType() instanceof UnknownType or
+    i1.getResultType() instanceof Union
+ )
+ or
   // Unary instructions tend to preserve enough information in practice that we
   // want taint to flow through.
   // The exception is `FieldAddressInstruction`. Together with the rule for