Analyze expression types instead of component interface types
Changed type-resolver to analyze the TypeScript types of the actual
JSX attribute expressions being passed, rather than the component's
props interface type.
This ensures we detect sensitive data even when components accept
'any' types. For example, if you pass a user object with nested
credentials.password, we'll analyze the user object's type and
detect the nested sensitive field.
Key changes:
- Use typeChecker.getTypeAtLocation(expression) for each JSX attribute
- Build type string from actual expression types
- Recurse into object types to check nested properties
- Handle spread attributes by expanding properties
- Remove unused getPropsType() function
Test case: ClientButton with no types, but passing user object
with nested credentials.password → successfully detects it.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
