FILTER_SANITIZE_STRING is not a valid sanitization #2018

Open
@kkmuffme

Description

filter_input currently allows the use of FILTER_SANITIZE_STRING and does not report it as an error for WordPress.Security.ValidatedSanitizedInput

However:
a) this is not a valid sanitization for some (most?) use cases (see b for why)
b) it's deprecated as of PHP 8.1 - see the discussion in PHP core for why it was deprecated.

There's a filter in WP VIP already for when FILTER_UNSAFE_RAW is used. We could also add FILTER_SANITIZE_STRING there too instead. Just thought I'd report it here, as this is an issue here already (the question is rather whether we want to move the whole thing from VIP to "general", since the FILTER_UNSAFE_RAW usage is an issue in general WP, not just with VIP).
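An added illustration (PHP, not code from this issue or from WPCS) of why the report treats FILTER_SANITIZE_STRING as insufficient: the filter only strips tags and encodes quotes, so it never rejects a value that has the wrong shape for where it is used. Inputs are constructed and filter_var() stands in for filter_input() so the script runs offline; sanitize_text_field() is the WordPress function, and the plain-PHP approximation of it below is an assumption for running outside WordPress.

```php
<?php
// Illustration added here, not part of the issue or of WPCS.
// Inputs are constructed; in real code they come from filter_input().
declare(strict_types=1);

// A request value that should be a post ID (expected shape: positive integer).
$id_input = "42<script>alert(1)</script>";

// FILTER_SANITIZE_STRING only strips tags and encodes quotes; it never checks
// that the value has the shape the code expects. Since PHP 8.1 it also emits
// E_DEPRECATED, suppressed with @ for this demo only.
$weak_id = @filter_var($id_input, FILTER_SANITIZE_STRING);
// $weak_id is "42alert(1)": still not a valid ID, yet silently accepted.

// Context-specific validation: reject anything that is not a positive integer.
$id = filter_var($id_input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
// $id is false: the request is rejected instead of being "cleaned".

// A value that must be one of a fixed set (e.g. a sort order).
$order_input = "desc, id";
$allowed     = ['asc', 'desc'];
// FILTER_SANITIZE_STRING returns the string unchanged; it is still not allowed.
$weak_order = @filter_var($order_input, FILTER_SANITIZE_STRING);
// Allow-list check: anything outside the list falls back to a safe default.
$order = in_array($order_input, $allowed, true) ? $order_input : 'asc';

// Free text: take the raw value and sanitize it for the context it is used in
// (WordPress: sanitize_text_field() on input, esc_html() at output time).
$raw = filter_var("  Hello <b>world</b>\0  ", FILTER_UNSAFE_RAW);
// In WordPress: $text = sanitize_text_field($raw);
// Plain-PHP approximation of that function (assumption, for running outside WP):
$text = trim(strip_tags(str_replace("\0", '', $raw)));

var_dump($weak_id, $id, $weak_order, $order, $text);
```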
