Add Server-Side Template Injection (SSTI)

[plr0man]

Issue: Resolves #269

CVSS v3 Mapping:

• server_side_injection.ssti.basic: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
• server_side_injection.ssti.custom: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE Mapping:

• server_side_injection.ssti: CWE-94: Improper Control of Generation of Code ('Code Injection')

Remediation Advice Mapping:

1. Wherever possible, avoid creating templates from user input. Passing user input into templates as parameters is normally a safe alternative.
2. If supporting user-submitted templates is a business requirement, consider using a simple logic-less template engine such as Mustache or one provided by the native language like Python's Template. If this is not an option, review the chosen template engine's documentation for hardening advice, and consider rendering the template within a sandboxed execution environment.

References:
https://portswigger.net/kb/issues/00101080_server-side-template-injection

Checklist:

• I have added entries to CHANGELOG.md and marked it Added/Changed/Removed