Gosec does not detect G204 if user input is from a function parameter

### Summary 

When using exec.Command with user defined input, I expect G204 (Subprocess launched with variable) to trigger. However, if that user defined input is used directly from a function parameter, it does not trigger G204.

### Steps to reproduce the behavior

See this go program:
```go
package main

import (
	"os"
	"os/exec"
)

func main() {
	execCommand(os.Args[0])
}

func execCommand(command string) {
	cmd := exec.Command("bash", "-c", command)
	err := cmd.Run()
	if err != nil {
		panic(err)
	}
}
```

I'd expect this to trigger G204, however gosec reports no issues.

If I make a small change and assign the command string to a new variable, however, gosec properly detects the issue:
```go
package main

import (
	"os"
	"os/exec"
)

func main() {
	execCommand(os.Args[0])
}

func execCommand(command string) {
	cmdStr := command
	cmd := exec.Command("bash", "-c", cmdStr)
	err := cmd.Run()
	if err != nil {
		panic(err)
	}
}

```

This _DOES_ trigger G204, as expected.

### gosec version
v2.20.0

### Go version (output of 'go version')
go version go1.21.9 darwin/arm64

### Operating system / Environment
macOS sonoma 14.5

### Expected behavior
Expected G204 to trigger

### Actual behavior
G204 does not trigger


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gosec does not detect G204 if user input is from a function parameter #1174

Summary

Steps to reproduce the behavior

gosec version

Go version (output of 'go version')

Operating system / Environment

Expected behavior

Actual behavior

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development