Expand ReDos checks

[MegaManSec]

This PR adds more checks for ReDoS locations.

It also introduces a primitive MapDirective and GeoDirective, which can be used later to fully support Map/Geo (looks like that's going to be incredibly difficult, if not impossible, though).

[MegaManSec]

This incorrectly checks every type of map{}, regardless of whether it's `location', 'server_name', 'proxy_redirect', 'if', 'rewrite'. This is kind of deliberate, but I wonder if it can be handled better, i.e. if it could be possible to resolve the variable, determine that it resolves to a Mapblock, and then loop over the Mapblock's children..

[sonarqubecloud]

Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dvershinin]

Closing this draft PR. While expanding ReDoS checks to more directive types is a valid goal, this implementation has some issues:

1. External server dependency - The regex_redos plugin already requires an external server, and this PR significantly increases the complexity of that interaction
2. Incomplete abstractions - The MapDirective/GeoDirective are self-described as "primitive" with full support being "incredibly difficult"
3. Mixed concerns - Includes unrelated fixes to docstrings and proxy_pass_normalized logic

The existing regex_redos plugin checking location blocks covers the most common case. If we expand in the future, we'd prefer:

• A local library approach (e.g., Python recheck bindings) over external server calls
• Incremental, focused PRs for each directive type
• Complete implementations rather than partial abstractions

Thanks for the work on this!