Add concept of a safe-ening method to mark hrefs as safe

Feature:
Warn when using unsafe hrefs.  This is a very specific case that as of now produces a ton of noise.  This came out of an xss vuln where the value was escaped but still vulnerable.

    link_to 'asdf', h(@scary)

where

    @scary = 'javascript:alert(1)'

or

    @scary = 'data:  # http://palpapers.plynt.com/issues/2010Oct/bypass-xss-filters/

This branch accomplishes slightly intelligent warnings by adding a new command line option to declare methods that make a string URL safe (unless there is already a standard one out there).  e.g.:

    $ brakeman . --url-safe-methods ensure_valid_protocol!

    link_to 'asdf', ensure_valid_protocol!(@scary, :javascript)

allowing Brakeman to easily be used as a library now

to test for absence of a warning

because Rails 2 and 3 need different processors

-n option will run the checks sequentially.
Closes #10

to also detect params[:blah][:blah][:blah] as a direct use of params
(and the same for cookies)

in method calls like <%= blah(cookies[:snickerdoodle]) %>