feat: dd-trace 5.0 to 6.0 - report AppSec Remote Configuration-only options

[mohab-sameh]

Summary

Report removed AppSec programmatic options that must move to Datadog UI and
Remote Configuration.

Detection Criteria

Detect:

• appsec.extendedHeadersCollection.enabled
• appsec.extendedHeadersCollection.redaction
• appsec.extendedHeadersCollection.maxHeaders
• appsec.rasp.bodyCollection
• DD_APPSEC_COLLECT_ALL_HEADERS
• DD_APPSEC_HEADER_COLLECTION_REDACTION_ENABLED
• DD_APPSEC_MAX_COLLECTED_HEADERS
• DD_APPSEC_RASP_COLLECT_REQUEST_BODY

Also detect the same programmatic shapes if nested under experimental.appsec.

Transformation Logic

Do not rewrite automatically. Record warnings/metrics with the option path.

Covered by the optional report-only AI step in
codemods/move-experimental-appsec-options and by the final review step in
codemods/dd-trace-5-to-6-migration-recipe.

Before / After Example

tracer.init({
  appsec: {
    extendedHeadersCollection: { enabled: true }
  }
});

Manual action: configure extended header collection in Datadog UI / Remote Configuration.

Notes / Edge Cases

The programmatic settings require Datadog account/UI state and are not safely
expressible as a source rewrite. The matching env vars are deprecated in v6 and
should be reported for owner review rather than removed blindly.