treat foo.bind(something).bar() similar to foo.bar()

[mozfreddyb]

We can't do full type detection and it's (hard?) for us to detect stuff like

let hiding = eval
hiding(foo);

in fact, we don't think we ought to do so across the board as we're optimizing for well-intended code that is able to pass code review preferably.

[mozfreddyb]

Strategy:

• add a test that considers these cases as valid/invalid
• valid:
• • foo.bind(bar).baz()
• • document.body.insertAdjacentHTML.bind(document.body)("afterend", foo)
• invalid: document.body.insertAdjacentHTML.bind(document.body)("afterend", foo)

Implementation plan:
When inspecting CallExpressions in https://github.com/mozilla/eslint-plugin-no-unsanitized/blob/master/lib/rules/method.js#L94, we should not just say "it's fine" and break. Instead move the case statement above to those that need closer inspection. If the function being called is bind, we should construct a new "fake" CallExpression node object where the function being bound is called instead and call ruleHelper.checkMethod() on it. Similar, to how we create a "fake" node in the SequenceExpression code (above).

To see how your node objects and the syntax tree looks like, take a glance at https://esprima.org/demo/parse.html?code=document.body.insertAdjacentHTML.bind(document.body)(%22afterend%22%2C%20foo)