Add capability to group similar results
This query https://github.com/github/securitylab/blob/main/CodeQL_Queries/cpp/XNU_DTrace_CVE-2017-13782/DTraceUnsafeIndex.ql when run on the database linked here https://github.com/github/securitylab/tree/main/CodeQL_Queries/cpp/XNU_DTrace_CVE-2017-13782 will produce results like the following:
You can see that many of the paths are duplicates. It's likely that in QL4E, the results were grouped together based on the comment in the ql file:
This query has 16 results. The 16th result is the vulnerability: dtrace_isa.c:817
The suggestion is the following:
- Add a toggle to group similar results in the results view. Similar results are defined by:
  - For path queries
    - message is the same
    - all path elements are the same AST node
  - For alert queries
    - message is the same
    - alert node is the same
  - For other query types
    - all elements are equal
- For the "Display in problems view", always group similar results. The calculation of what is similar would be slightly different since we only show the final element of a path query.
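To make the proposed similarity rules concrete, here is an added example (not code from the CodeQL extension or CLI) that applies them to SARIF results as the CLI emits them with `--no-group-results`. It assumes standard SARIF 2.1.0 layout (`message.text`, `locations[].physicalLocation`, `codeFlows[].threadFlows[].locations[]`) and, since SARIF carries no AST node identifiers, uses the physical region (file plus line/column) as a stand-in for "same AST node". The sample results are constructed; apart from the `dtrace_isa.c:817` sink mentioned above, every file, line and message is made up.

```python
"""Group SARIF results by the similarity rules proposed in this issue (added example)."""
import json
from collections import OrderedDict


def _loc_key(loc):
    """Reduce a SARIF location to a hashable identity.

    Assumption: SARIF has no AST node ids, so the physical region
    (uri + start/end line/column) stands in for "same AST node".
    """
    phys = loc.get("physicalLocation", {})
    uri = phys.get("artifactLocation", {}).get("uri")
    region = phys.get("region", {})
    return (uri, region.get("startLine"), region.get("startColumn"),
            region.get("endLine"), region.get("endColumn"))


def _path_elements(result):
    """Flatten every codeFlow/threadFlow step of a path result, in order."""
    steps = []
    for flow in result.get("codeFlows", []):
        for thread in flow.get("threadFlows", []):
            for step in thread.get("locations", []):
                steps.append(_loc_key(step["location"]))
    return tuple(steps)


def similarity_key(result, problems_view=False):
    """Key under which results are considered 'similar'.

    Path queries:  message + every path element (only the final element
                   when problems_view=True, mirroring the problems pane).
    Alert queries: message + alert location(s).
    Anything else: the whole result, canonicalised.
    """
    message = result.get("message", {}).get("text")
    if result.get("codeFlows"):
        elements = _path_elements(result)
        if problems_view:
            elements = elements[-1:]
        return ("path", message, elements)
    if result.get("locations"):
        return ("alert", message, tuple(_loc_key(l) for l in result["locations"]))
    return ("other", json.dumps(result, sort_keys=True))


def group_results(results, problems_view=False):
    """Return a list of groups (lists of results), preserving first-seen order."""
    groups = OrderedDict()
    for result in results:
        groups.setdefault(similarity_key(result, problems_view), []).append(result)
    return list(groups.values())


# ---- constructed sample data (not real query output) -------------------------
def _loc(uri, line, col):
    return {"physicalLocation": {"artifactLocation": {"uri": uri},
                                 "region": {"startLine": line, "startColumn": col}}}


def _path_result(message, *steps):
    return {"ruleId": "example/unsafe-index",  # placeholder rule id
            "message": {"text": message},
            "locations": [_loc(*steps[-1])],
            "codeFlows": [{"threadFlows": [{"locations": [{"location": _loc(*s)} for s in steps]}]}]}


def _alert_result(message, where):
    return {"ruleId": "example/missing-check",  # placeholder rule id
            "message": {"text": message},
            "locations": [_loc(*where)]}


SOURCE = ("dtrace.c", 100, 5)        # constructed
MID_A = ("dtrace.c", 120, 9)         # constructed
MID_B = ("dtrace.c", 140, 9)         # constructed
SINK = ("dtrace_isa.c", 817, 3)      # sink location named in the issue; column constructed

SAMPLE_RESULTS = [
    _path_result("Unsafe index from user input", SOURCE, MID_A, SINK),
    _path_result("Unsafe index from user input", SOURCE, MID_A, SINK),  # exact duplicate path
    _path_result("Unsafe index from user input", SOURCE, MID_B, SINK),  # same sink, different path
    _alert_result("Missing bounds check", ("dtrace.c", 50, 1)),
    _alert_result("Missing bounds check", ("dtrace.c", 50, 1)),         # duplicate alert
]

if __name__ == "__main__":
    for view in (False, True):
        groups = group_results(SAMPLE_RESULTS, problems_view=view)
        print("problems_view=%s -> %d groups, sizes %s"
              % (view, len(groups), [len(g) for g in groups]))
```

In the results view the three path results collapse to two groups (the path through `MID_B` is kept apart because one element differs), while the problems-view rule, which only looks at the final element, folds all three into one entry for `dtrace_isa.c:817`.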
Some added context:
QL4E used to have two Problems panes for exactly this reason, one grouped and one ungrouped.
We made the explicit decision to avoid that clunky UI in the VS Code extension. Conveniently, the CLI knows how to group results already. We currently pass `--no-group-results` to `codeql database analyze` to get ungrouped results in the SARIF for simplicity, but a toggle sounds feasible if this will improve usability, at the cost of making a second CLI call.
There is an internal discussion about making the grouping more intuitive for path alerts, which has been open for some time. I'll point you to that separately.