Add Customizations.qll files to support integration of sources into Custom CodeQL bundles

[lcartey]

Add Customizations.qll files to the CAP and UI5 library packs. These files enable the packs to be added to a CodeQL CLI custom bundle as a "customization" pack, which enables us to add custom RemoteFlowSources to out-of-the-box queries.

[jeongsoolee09]

Some thoughts:

• Is it better to put this file Customizations.qll under a directory with the name of the pack? Same goes to UI5.
• Should we also have a customizations file for XSJS?
• Overall mechanism: Is the file Customizations.qll treated specially in a bundle? I don't see import Customizations or such in an OOTB query.

[lcartey]

@jeongsoolee09

• Customizations.qll has to be a fixed location for the CodeQL custom bundle to pick it up correctly:
  https://github.com/advanced-security/codeql-bundle/blob/main/codeql_bundle/helpers/bundle.py#L74-L80
• XSJS doesn't currently implement any RemoteFlowSources, so I don't think it's necessary.
• Yes, it's magically included via import javascript.

[jeongsoolee09]

One more: Why are model packs removed from the dependencies of library packs?

[lcartey]

One more: Why are model packs removed from the dependencies of library packs?
The bundles requires that a "customization pack" only depends on the standard library pack, otherwise it creates a dependency loop when it adds a dependency from the standard library pack to the customization pack (e.g. standard library pack -> customization pack -> -> standard library pack).

I also don't think we actually need to reference the model packs in the library pack - it's fine just to reference them in the query packs.

[jeongsoolee09]

Questions answered, code reviewed,