
fix(c): reduce false positives in double-free and use-after-free rules #3771

Open

MarkLee131 wants to merge 1 commit into semgrep:develop from MarkLee131:fix/memory-rules-false-positives

Conversation

@MarkLee131

This PR fixes #3770, adding the missing exclusions to three C memory safety rules:

  • double-free: Add return exclusion between two free() calls (mutually exclusive cleanup paths), and recognize
    calloc/realloc/strdup as reallocation (previously only malloc)
  • use-after-free: Add calloc/realloc/strdup as recognized reallocation patterns
  • function-use-after-free: Same calloc/realloc/strdup additions

  • semgrep --test c/lang/security/ — 12/12 pass
  • All existing test cases still match; new ok: cases added for each exclusion

@dannytheway

dannytheway commented Mar 30, 2026

I have accidentally opened a PR with the same fixes; I can close it if yours gets merged, but can I suggest a few changes?

Detection for functions other than malloc can be implemented more elegantly as:

```yaml
- pattern-not:
    patterns:
      - pattern-inside: |
          free($VAR);
          ...
          $VAR = $ALLOC(...);
          ...
      - metavariable-pattern:
          metavariable: $ALLOC
          pattern-either:
            - pattern: malloc
            - pattern: calloc
            - pattern: strdup
```

rather than a series of `- pattern-not-inside` entries, and it should work fine.

Also, the original rule will not flag `*ptr = something;` as vulnerable, so I suggest adding a `- pattern: (*$VAR)`.

The PR is #3795; see it for details.


Successfully merging this pull request may close these issues.

C memory safety rules (double-free, use-after-free) missing common exclusion patterns cause false positives