I also drop the previous approach of taint-tracking through various builder objects in favour of assuming that a URI set in a request-builder object is highly likely to end up requested in some way or another.
This will cause the `java/non-https-url` query to pick the new sinks up too, and fixes a Spring case that had never worked but went unnoticed until now.
The case where something might be exactly a constant is general across all queries, and not handled yet, particularly in the case where the result of `getParameter("uri")` might have changed between the check and the use.
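An added illustration of the check-then-use gap described above; it is not code from this pull request or from the query's test suite. It assumes `java.net.http.HttpRequest` as an example of a request-builder object, and `Params`, `ALLOWED`, and the URLs are hypothetical names and constructed values.

```java
import java.net.URI;
import java.net.http.HttpRequest;

public class CheckThenUse {
    // Hypothetical stand-in for a servlet request, so the example compiles
    // without the servlet API on the classpath.
    interface Params { String getParameter(String name); }

    // Constructed constant: the only URI this handler is meant to request.
    static final String ALLOWED = "https://internal.example/status";

    // The parameter is read twice, so the value that passed the check is
    // not provably the value that reaches the builder.
    static HttpRequest readTwice(Params req) {
        if (!ALLOWED.equals(req.getParameter("uri"))) {
            throw new IllegalArgumentException("uri not allowed");
        }
        // Second read. Setting the URI on the builder is the point treated
        // as the sink (assumption: this builder is among those modelled).
        return HttpRequest.newBuilder(URI.create(req.getParameter("uri"))).build();
    }

    // Read once into a local, check the local, use the same local: the
    // checked value and the requested value are now the same object.
    static HttpRequest readOnce(Params req) {
        String uri = req.getParameter("uri");
        if (!ALLOWED.equals(uri)) {
            throw new IllegalArgumentException("uri not allowed");
        }
        return HttpRequest.newBuilder(URI.create(uri)).build();
    }

    public static void main(String[] args) {
        // Constructed source whose answer differs between calls (for
        // instance a request wrapper): ALLOWED first, another URL after.
        int[] calls = {0};
        Params flaky = n -> calls[0]++ == 0 ? ALLOWED : "http://other.example/";
        System.out.println("readTwice builds: " + readTwice(flaky).uri());
        calls[0] = 0;
        System.out.println("readOnce builds:  " + readOnce(flaky).uri());
    }
}
```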