C++: remove partial flow from UnknownType

Author: rdmarsh2

cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll

@@ -199,17 +199,14 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {
   // Flow through pointer dereference
   i2.(LoadInstruction).getSourceAddress() = i1
   or
-  // Flow through partial reads of arrays, unions, and pointer parameters
-  // TODO: `UnknownType` includes *all* pointer parameters. We only want
-  // array-like pointer parameters
+  // Flow through partial reads of arrays and unions
   i2.(LoadInstruction).getSourceValueOperand().getAnyDef() = i1 and
   not i1.isResultConflated() and
   (
     i1.getResultType() instanceof ArrayType or
-    i1.getResultType() instanceof UnknownType or
     i1.getResultType() instanceof Union
- )
- or
+  )
+  or
   // Unary instructions tend to preserve enough information in practice that we
   // want taint to flow through.
   // The exception is `FieldAddressInstruction`. Together with the rule for