Improve Batch Queries Scanner (#215)

[wjdwl002]

Summary

Closes #215.

Adds an automated Batch Queries Scanner that probes whether a GraphQL
endpoint supports query batching, complementing the existing manual Batch
Queries tab. It detects two batching styles and surfaces results both as Burp
audit issues and in the InQL scan results tree.

Rationale

Previously InQL had no automated way to determine whether an endpoint supports
batching. Batching support is a meaningful finding because it enables
rate-limit bypass, brute-force amplification, and DoS via a single HTTP request.

What's included

• BatchScanner.kt — sends two probes (__typename-based) and analyzes responses:
  • Alias batching: query { inql_batch_alias1: __typename inql_batch_alias2: __typename }
  • Array batching: a 2-element JSON array of query objects
• BurpScannerCheck.kt — reports a LOW/CERTAIN AuditIssue per supported batch type during active audit.
• ScanResultsTreeNode.kt — adds a "Batch Query Detection" node to the scan tree.
• Config.kt — adds report.batch, report.batch.alias, report.batch.array toggles (default on).
• build.gradle — adds JUnit 5 + Mockito test deps, useJUnitPlatform(), and a test source set.
• BatchScannerTest.kt — 30 unit tests covering payload generation, response analysis, and edge cases.

Testing

./gradlew test --tests "inql.graphql.scanners.BatchScannerTest" → BUILD SUCCESSFUL, 30 tests passing.

Notes

• Unit tests cover the pure functions (payload generation + response analysis);
  the live scan() path depends on Burp.Montoya and is exercised at runtime.
• montoya-api is declared compileOnly in the main module, so testCompileOnly/testRuntimeOnly
  entries were added to make it available on the test classpath.