feat: support multiple required detections #1659

Merged
merged 1 commit into from
Jul 30, 2024

Conversation

elsapet
Contributor

@elsapet elsapet commented Jul 29, 2024

Description

Add support for multiple required detections (relevant for rules triggered by absence of detections).
Ordering of required detections allows us to target which one is displayed in report output; namely, the first one.

For example, the following rule pattern (extract)

trigger:
  match_on: absence
  required_detections:
    - csharp_lang_missing_authorization_controller_class
    - csharp_lang_missing_authorization_aspnet_mvc
auxiliary:
  - id: csharp_lang_missing_authorization_aspnet_mvc
    patterns:
      - using Microsoft.AspNetCore.Mvc;
  - id: csharp_lang_missing_authorization_controller_class
    patterns:
      - |
        $<...>public class $<...>$<_>$<...> : Controller {}

will yield the below report output (that is, it displays the public class X : Controller line and not the using X; line)

MEDIUM: Missing authorization for controller class [CWE-862]
To ignore this finding, run: bearer ignore add 638dcc604dfb349a2e801bf63dc612a3_0

File: /Users/elsapet/cycode/backend-team/sast/rules/tests/csharp/lang/missing_authorization/testdata/main.cs:6

 6     [Route("api/[controller]")]
 7     public class FooController : Controller
 8     {
           ...omitted (buffer value 3)
 10         {
 11         }
 12     }

Note, existing required_detection is still supported.

Checklist

If this is your first time contributing please sign the CLA

  • I've added test coverage that shows my fix or feature works as expected.
  • I've updated or added documentation if required.

@elsapet elsapet requested a review from didroe July 29, 2024 11:49
@elsapet elsapet merged commit 20ef042 into main Jul 30, 2024
8 checks passed
@elsapet elsapet deleted the feat/support-multiple-required-detections branch July 30, 2024 07:25
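
Added example (not part of the PR and not Bearer's code): a simplified Python model of how the order of `required_detections` decides which line an absence-triggered finding is reported on. It assumes every listed detection must be present in the file for the rule to fire; the rule id `csharp_lang_missing_authorization` and the line number for the `using` match are constructed for illustration.

```python
from typing import Optional

def evaluate_absence_rule(trigger: dict, rule_id: str, detections: dict) -> Optional[dict]:
    """Return the finding for a match_on: absence rule in one file, or None.

    detections maps a rule or auxiliary id to the line numbers where it matched.
    """
    if trigger.get("match_on") != "absence":
        raise ValueError("this model only covers match_on: absence")
    # Accept the new list form and the older single-value key.
    required = list(trigger.get("required_detections", []))
    if not required and "required_detection" in trigger:
        required = [trigger["required_detection"]]
    if not required:
        raise ValueError("an absence rule needs at least one required detection")
    # The rule's own pattern matched, so nothing is absent.
    if detections.get(rule_id):
        return None
    # Assumption: all required detections must be present for the rule to fire.
    if any(not detections.get(name) for name in required):
        return None
    # The first listed required detection supplies the reported location.
    first = required[0]
    return {"rule": rule_id, "anchor": first, "line": min(detections[first])}

# Constructed sample data; the rule id is a hypothetical name.
RULE_ID = "csharp_lang_missing_authorization"
MVC = "csharp_lang_missing_authorization_aspnet_mvc"
CONTROLLER = "csharp_lang_missing_authorization_controller_class"
TRIGGER = {"match_on": "absence", "required_detections": [CONTROLLER, MVC]}
FILE_DETECTIONS = {MVC: [1], CONTROLLER: [6]}  # line 6 as in the report above

if __name__ == "__main__":
    print(evaluate_absence_rule(TRIGGER, RULE_ID, FILE_DETECTIONS))
    swapped = dict(TRIGGER, required_detections=[MVC, CONTROLLER])
    print(evaluate_absence_rule(swapped, RULE_ID, FILE_DETECTIONS))
```
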