ci: add phpstan updates

[millnut]

What does this change?

This PR adds the same PHPStan checks as the main project as well as adding an extra quality gate check to the static analysis check to make sure there are no disallowed/dangerous/insecure calls in the codebase, such as:

• var_dump()
• print_r()
• phpinfo()
• exec(), shell_exec(), etc...

A baseline PHPStan file has also been generated, and the errors reported within can be looked at over time.

How to test

Run lando sca

[ekes]

Well the var_dump it picks up shouldn't be there :-) I'll make a PR. I assume if there are any that should be for some reason, they can be excluded explicitly so makes sense.

Assuming the other errors are not related?

[millnut]

Nope other errors are not related. However when I looked at those it looked like preview_link was not installed so it is likely highlighting this. We install prevew_link in https://github.com/localgovdrupal/localgov/blob/3.x/composer.json but I'm not seeing it in https://github.com/localgovdrupal/localgov_microsites/blob/4.x/composer.json

[ekes]

We install prevew_link in https://github.com/localgovdrupal/localgov/blob/3.x/composer.json but I'm not seeing it in https://github.com/localgovdrupal/localgov_microsites/blob/4.x/composer.json

Let's see was that one of the MRs that went into 3.x first, rather than 4.x and backported.

Ah! It's been added to localgov not microsites.

Guess we need to make an issue to add it to microsites (and possibly check it works - with the domains and all!), or somehow resolve that conflict.

[finnlewis]

Here's an issue to look at adding and enabling preview_link:
localgovdrupal/localgov_microsites#478