Several workflowcheck improvement suggestions #2770

@cretz

Describe the solution you'd like

In addition to the Gradle plugin (#2768) and the Maven plugin (#2769), the workflowcheck static analyzer done in #2767 could use the following improvements:

  • Accept environment variables to point to config files
  • Accept environment variables to provide specific config properties
  • Accept Java system properties to point to config files
  • Accept Java system properties to provide specific config properties
  • Check lambda contents but avoid SideEffect
  • Module support
  • Kotlin tests/confirmation
  • Prevent field mutation in queries and update validators
  • Config prebuilding where you can give a set of packages and it will generate a .properties set of invalid methods
    and save from having to reread the class files of that package at runtime
    • Also consider shipping with prebuilt config for Java standard library through Java 21
  • Support SARIF output for better integration with tooling like GitHub Actions
  • Change output to work with IntelliJ's console linking better (see
    this SO answer)
  • Support an HTML-formatted result with collapsible hierarchy
  • For very deep trees, support [...] by default to replace all but the two beginning and two end entries (with CLI
    option to show more)

These are combined into one issue by request, but any particular piece can be broken off and worked on independently.
