This repository was archived by the owner on Oct 11, 2021. It is now read-only.

Detect quadratic patterns #23

Closed
RunDevelopment opened this issue Oct 12, 2020 · 1 comment
Labels: new rule, rule (It's about new or existing rules)

Comments

@RunDevelopment
Owner

Some seemingly innocent patterns can have a run time of O(n^2). This can be a vulnerability as pointed out here and further explained here.

"Even extremely simple regexes like /a+b/ show this O(n^2) behavior for inputs like 'a'*n." ('a'*n means n-many a characters.)

The purpose of this rule is to detect these patterns.

From what I've seen, the general rule seems to be: If there exists some set of paths AB*C in the regex R such that x = (L(A) ∩ L(B*)) \ ({ε} ∪ L(C)) is not the empty set, then R will take Ω(n^2) many steps to reject a word w ∈ x^n \ L(R).

Please note the Omega in the time complexity bound. This is not a typo. The backtracking algorithm might actually take more than O(n) steps to reject a suffix of the input string.
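The rule from the issue, worked through for `/a+b/` (read as `a a* b`) next to `/ab*c/`: an added example, not code from the issue or from the plugin. It assumes a simplified model in which A, B and C are single-character classes, and the function names and the step-counting matcher are hypothetical.

```javascript
// Added example. Simplified model (assumption): A, B and C are single-character
// classes, so the issue's x = (L(A) ∩ L(B*)) \ ({ε} ∪ L(C)) reduces to (A ∩ B) \ C.
// All function names are hypothetical.

// Characters in x; a non-empty result flags the path A B* C as quadratic.
function quadraticWitness(A, B, C) {
  return [...A].filter((ch) => B.has(ch) && !C.has(ch));
}

// Step count of a naive backtracking search for A B* C anywhere in `input`.
// This models a backtracking engine; it is not a measurement of a real one.
function countSteps(A, B, C, input) {
  let steps = 0;
  for (let start = 0; start < input.length; start++) {
    steps++; // try A at this start offset
    if (!A.has(input[start])) continue;
    let end = start + 1;
    while (end < input.length && B.has(input[end])) {
      end++; // greedy B*
      steps++;
    }
    // Backtrack: give back one B at a time and retry C.
    for (let pos = end; pos > start; pos--) {
      steps++;
      if (pos < input.length && C.has(input[pos])) return { matched: true, steps };
    }
  }
  return { matched: false, steps };
}

// /a+b/ read as a a* b, against /ab*c/, on the rejected input 'a'*n.
function compare(n) {
  const a = new Set("a"), b = new Set("b"), c = new Set("c");
  const input = "a".repeat(n);
  return {
    flagged: quadraticWitness(a, a, b),          // ["a"]
    notFlagged: quadraticWitness(a, b, c),       // []
    quadratic: countSteps(a, a, b, input).steps, // n * (n + 1)
    linear: countSteps(a, b, c, input).steps,    // 2 * n
  };
}

for (const n of [100, 200, 400]) console.log(n, compare(n));
```

Doubling n roughly quadruples the step count for the flagged pattern and only doubles it for the unflagged one.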

@RunDevelopment RunDevelopment added rule It's about new or existing rules new rule labels Oct 12, 2020
@RunDevelopment
Owner Author

Already covered by ota-meshi/eslint-plugin-regexp#159.
