C++: Add more Win32 and Azure SDK remote flow sources

[MathiasVP]

This PR adds remote flow sources for two C/C++ APIs:

• The Win32 WinHTTP header: https://learn.microsoft.com/en-us/windows/win32/api/winhttp/
• The Azure C/C++ SDK: https://learn.microsoft.com/en-us/azure/developer/cpp/sdk/overview

Commit-by-commit review recommended. Most of the code is just adding stubs for various APIs.

[Copilot]

Pull request overview

This pull request adds remote flow sources for two C/C++ APIs: the Win32 WinHTTP library and the Azure C/C++ SDK. These additions enable CodeQL to track data flowing from HTTP responses through these APIs as potential security-relevant remote data sources.

Changes:

• Added WinHttp.qll implementation file with taint-inheriting content classes for WinHTTP data structures
• Added model definitions for WinHTTP functions (WinHttpReadData, WinHttpQueryHeaders, WinHttpCrackUrl, etc.) and Azure SDK classes (RawResponse, Request, BodyStream, etc.)
• Added comprehensive test coverage for both WinHTTP and Azure SDK APIs with expected results

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll	Defines QL classes for WinHTTP structures and taint-inheriting content handling
cpp/ql/lib/semmle/code/cpp/models/Models.qll	Imports the new WinHttp implementation
cpp/ql/lib/ext/Windows.model.yml	Adds source and summary models for WinHTTP API functions
cpp/ql/lib/ext/azure.core.model.yml	Adds source and summary models for Azure SDK HTTP and IO classes
cpp/ql/test/library-tests/dataflow/external-models/windows.cpp	Adds test cases for WinHTTP functions with function declarations and test code
cpp/ql/test/library-tests/dataflow/external-models/azure.cpp	Adds test cases for Azure SDK classes with stubs and test code
cpp/ql/test/library-tests/dataflow/external-models/*.expected	Updates test expectations to reflect new sources, steps, and flow patterns

Comments suppressed due to low confidence (1)

cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll:10

• The comment says "classes" but should be "class" since WINHTTP_EXTENDED_HEADER is a single class/struct type.

/** The `WINHTTP_EXTENDED_HEADER` classes from `winhttp.h`. */

[geoffw0]

Tests, models, DCA all LGTM. 👍

[geoffw0]

Some of the specifics here are in excess of what we need for what's being tested. Its not an issue, but might've saved a bit of effort (perhaps).

[MathiasVP]

Yeah, totally not necessary. I just figured it couldn't hurt