js-x-ray
Rework SourceFile analysis strategy
Right now JS-X-Ray is only capable of scanning one source file at a time. The Scanner package is currently responsible for listing and iterating over all JavaScript files from a given NPM tarball (for example).
What's the issue with that?
```
index.js
src/
  other.js
test/
  foobar.js
```
In the example above we will scan every file. But in reality there is a high probability that test/foobar.js will never be executed (and it will also be the biggest vector of false positives).
My idea is to add a new strategy that will take entry files as input. We will then only scan files imported from these entry points.
Eventually, we could combine the two ways of doing things to ensure greater security while reducing false positives overall.
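One way the entry-point strategy could work, as an added example that is not part of the issue or of js-x-ray itself: walk the import graph from the entry files and keep only the files reachable from them. The in-memory file contents, the regex-based extraction of relative `require`/`import` specifiers, and the `.js`-only resolution rules are assumptions made for the example.

```javascript
// Constructed in-memory tarball contents, mirroring the layout in the issue.
const files = {
  "index.js": "const other = require('./src/other');\nmodule.exports = other;",
  "src/other.js": "import helper from './helper.js';\nexport default helper;",
  "src/helper.js": "module.exports = () => 42;",
  // Imports index.js and a builtin, but nothing imports it: it should be skipped.
  "test/foobar.js": "const x = require('../index');\nconst fs = require('fs');",
};

// Matches require('./x') and `import ... from './x'` with a relative specifier.
// Bare package names such as 'fs' are deliberately ignored.
const RELATIVE_SPECIFIER_RE = /(?:require\(\s*|from\s+)['"](\.{1,2}\/[^'"]+)['"]/g;

// Minimal POSIX-style path join/normalise, so the example has no dependencies.
function joinPosix(dir, spec) {
  const parts = [];
  for (const seg of `${dir}/${spec}`.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") parts.pop();
    else parts.push(seg);
  }
  return parts.join("/");
}

// Resolve a relative specifier against the importing file (assumption: only
// exact path, path + '.js' and path + '/index.js' are tried).
function resolveSpecifier(fromFile, spec, fileMap) {
  const dir = fromFile.includes("/") ? fromFile.slice(0, fromFile.lastIndexOf("/")) : "";
  const base = joinPosix(dir, spec);
  for (const candidate of [base, `${base}.js`, `${base}/index.js`]) {
    if (Object.prototype.hasOwnProperty.call(fileMap, candidate)) return candidate;
  }
  return null; // unresolved: missing file or a bare package import
}

// Breadth-first walk from the entry points; the visited set also breaks cycles.
function reachableFiles(entries, fileMap) {
  const visited = new Set();
  const queue = [...entries];
  while (queue.length > 0) {
    const file = queue.shift();
    if (visited.has(file) || !Object.prototype.hasOwnProperty.call(fileMap, file)) continue;
    visited.add(file);
    for (const match of fileMap[file].matchAll(RELATIVE_SPECIFIER_RE)) {
      const target = resolveSpecifier(file, match[1], fileMap);
      if (target !== null && !visited.has(target)) queue.push(target);
    }
  }
  return visited;
}
```

Running `reachableFiles(["index.js"], files)` yields `index.js`, `src/other.js` and `src/helper.js`, while `test/foobar.js` is left out of the scan set; combining this set with the full-tarball listing is what the last paragraph of the issue proposes.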