
Ruby: some improvements

Open aibaars opened this issue 3 years ago • 0 comments

I investigated a case where we didn't flag up a result for the rb/overly-permissive-file query. This pull request implements the improvements needed to flag up that result, and makes the following changes:

  • track Pathname instances using global flow instead of local flow
  • model Object.dup and Kernel.tap
  • add flow steps for logical operators
  • add support for extend in the call graph

The dataflow improvements caused a fairly large number of false positives on our test suite for the missing regex anchor and incomplete hostname regex queries. This was caused by misclassifying some string literals as regular expressions due to confusing Regexp#match and String#match. Commit f93bc900b90c264c935b25d5eb669aa9e353b3c4 improves this and removes the false positive results.

aibaars avatar Sep 23 '22 14:09 aibaars
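As an added illustration (constructed for this page, not code from the CodeQL repository or from this pull request), the Ruby below shows the kind of program the description says the query previously missed: a `Pathname` built in another method (so it needs global, inter-procedural flow), then carried through `Object#dup`, `Kernel#tap` and a logical operator before reaching the permission call. The insecure variant sets a world-writable mode and is what `rb/overly-permissive-file` is expected to report; the hardened variant beside it uses owner-only permissions. Method names, `DEFAULT_NAME` and the `0o666`/`0o600` modes are this example's own assumptions.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Constructed example: Ruby code patterns matching the dataflow improvements
# listed in the PR (global flow for Pathname, Object#dup, Kernel#tap, logical
# operators). Not taken from the CodeQL repository.

DEFAULT_NAME = "upload.bin" # assumed default file name

# Returns a Pathname built in a separate method: following it to the chmod
# call below requires inter-procedural (global) flow.
def build_path(dir, name)
  Pathname.new(dir).join(name || DEFAULT_NAME)
end

# Insecure variant: mode 0o666 grants write access to every user on the host.
# This is the pattern rb/overly-permissive-file is expected to flag.
def create_world_writable(dir, name = nil)
  path = build_path(dir, name).dup            # Object#dup still yields the Pathname
  path.tap { |p| FileUtils.touch(p.to_s) }    # Kernel#tap returns its receiver
  chosen = (name && path) || path             # logical operators need flow steps
  File.chmod(0o666, chosen.to_s)              # overly permissive: world-writable
  File.stat(chosen.to_s).mode & 0o777
end

# Hardened variant: same flow shape, but owner-only permissions.
def create_owner_only(dir, name = nil)
  path = build_path(dir, name).dup
  path.tap { |p| FileUtils.touch(p.to_s) }
  chosen = (name && path) || path
  File.chmod(0o600, chosen.to_s)              # owner read/write only
  File.stat(chosen.to_s).mode & 0o777
end

# True when the "others" write bit is set in a permission mode.
def world_writable?(mode)
  (mode & 0o002) != 0
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    bad  = create_world_writable(dir, "a.txt")
    good = create_owner_only(dir, "b.txt")
    printf("insecure: %o (world-writable? %s)\n", bad, world_writable?(bad))
    printf("hardened: %o (world-writable? %s)\n", good, world_writable?(good))
  end
end
```

Running the script creates two files in a temporary directory and prints their effective permission bits; the `world_writable?` check is the same condition the query's result is about, expressed at runtime so the two variants can be compared directly.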