codeql
Data flow: Account for hidden `subpath` wrappers
Previously, we would not get subpaths computed for hidden wrappers, such as when flow passes through a callback passed into a library method with a flow summary:
```ruby
a = [taint]
b = a.each do |x| # missing subpath: `a` (line 2) to `x` (line 2), `x` (line 2) to `x` (line 3), and `x` (line 3) to `b`
  x
end
sink x
```
This PR changes that to allow for an arbitrary number of hidden intermediate wrappers, and also takes into account that argument/out/parameter nodes may be hidden (we previously only took into account that return nodes could be hidden).