Add disallowedSuperglobals rule

[ekisu]

This adds a rule disallowedGlobals, which intends to disallow usages of variables such as $_GET or $_SERVER throughout the code. It might be helpful on some code bases which make extensive usage of those, instead of using things like the PSR-7 RequestInterface.

[spaze]

Hey @ekisu and thanks for the PR. I quite like the idea and I have a few ideas/questions:

Would you like this to also report on other global variables? Like

function foo()
{
    global $bar;
}

If yes, then can you write a test for that? Or do you want this to report only superglobal ($_GET, $_POST, ...) usage? If this is the case, can you rename it (and the classes) to disallowSuperGlobals rule? I'm totally fine with either of those two options, maybe I even slightly prefer just renaming it to disallowSuperGlobals but it's really up to you. (And yeah, I've noticed the test for the "unknown" superglobal $TEST_GLOBAL_VARIABLE, and would like to preserve the test even if you just rename the thing.)

[ekisu]

The idea originally was to report only on superglobals really, I've renamed the rule to disallowedSuperglobals (and the remaining of the code as well)

[spaze]

Got it, will check soon (next week or so, busy now, sorry!), thanks!

[spaze]

Hey, thanks again 👍 I've added support for allowIn, made some minor cosmetic changes, squashed the commit and merged it. Will release soon.

[spaze]

Released in 2.3.0.