Improve handling of suppression comments in nested calls

[mlevesquedion]

#283 is adding the ability to suppress reports at call sites using a code comment. In most cases, the suppression behaves as expected. There is one case where the (lack of) suppression behavior is surprising:

	// TODO(#284): we don't actually want a report here
	fmt.Println(
		core.SinkAndReturn(s), // levee.DoNotReport // want "a source has reached a sink"
	)

This is because in the comment map, the // levee.DoNotReport comment is (unexpectedly) associated with the s identifier, not the core.SinkAndReturn call.

Since s is an argument to core.SinkAndReturn, we could find the identifier by traversing the tree under the CallExpr that corresponds to core.SinkAndReturn and find the suppressing comment on the identifier. However, looking for suppressing comments on the arguments may cause misleading behavior, as in other cases it would suggest that it is possible to suppress a report for a specific argument, which isn't the case.

See #283 (comment) for additional discussion.

---

Here is a bit of code that can be used to dump the comment map for a file, which may be handy in investigating this issue.

package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"os"
	"sort"
)

func main() {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, os.Args[1], nil, parser.ParseComments)
	if err != nil {
		panic(err)
	}
	// type CommentMap map[Node][]*CommentGroup
	cm := ast.NewCommentMap(fset, f, f.Comments)
	nodes := make([]ast.Node, 0, len(cm))
	for node := range cm {
		if node.Pos() == f.Pos() {
			continue
		}
		nodes = append(nodes, node)
	}
	sort.Slice(nodes, func(i, j int) bool { return nodes[i].Pos() < nodes[j].Pos() })
	for _, node := range nodes {
		comments := cm[node]
		fmt.Printf("%#v\n", node)
		fmt.Println(fset.Position(node.Pos()).Line)
		for _, c := range comments {
			fmt.Println(fset.Position(c.Pos()).Line)
			fmt.Println(c.Text())
		}
	}
}