test(taint): Test taint finding output from ci subcommand

[nmote]

Specifically, this is meant to test the JSON output for dataflow traces generated from the CI command, but it tests quite a bit more. This was requested in the review of #5694.

PR checklist:

• [x] Tests included or PR comment includes a reproducible test plan
• [x] Documentation is up-to-date
• [x] changelog.d/<issue>.<type> is a file with the what, why, and how of the change.
  • <issue> is pa-312 (Linear ticket), gh-1234 (GitHub issue), or new-gizmo (unique semantic name)
  • <type> is added, changed, fixed, or infra.
• [x] Change has no security implications (otherwise, ping security team)

If you're unsure on any of this, please see:

• Changelog guidelines
• Contribution guidelines!
• One of the more specific guides located here