- The analysis only inspects standard SSL and pyOpenSSL module constructors and fails to detect insecure ssl_version arguments passed to widely used libraries like urllib3.PoolManager.
- It seems ssl.create_default_context() is incorrectly flagged as vulnerable; it is the best default for the client as per the doc.
```python
import ssl
import socket
from urllib3.poolmanager import PoolManager

sock = socket.socket()

# FN (false negative): insecure ssl_version passed to urllib3's PoolManager,
# not to an ssl/pyOpenSSL constructor, so the analysis does not report it
pool_mgr = PoolManager(ssl_version=ssl.PROTOCOL_TLSv1)

# FP (false positive): the documented secure client default,
# https://docs.python.org/3/library/ssl.html#ssl-security
ctx = ssl.create_default_context()
ctx.wrap_socket(sock, server_hostname='example.com')
```
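As an added example (not from this issue and not the analysis under discussion), a small AST pass that reports an insecure `ssl_version=ssl.PROTOCOL_*` keyword on any call regardless of the callee, so the urllib3 case above is caught while `ssl.create_default_context()` is left alone. The protocol set and the sample source are constructed for this example.

```python
import ast
# Constructed for this example: protocol constants that pin a deprecated
# SSL/TLS version. ssl.PROTOCOL_TLS / PROTOCOL_TLS_CLIENT are not listed
# because they negotiate the highest version both sides support.
INSECURE_PROTOCOLS = {"PROTOCOL_SSLv2", "PROTOCOL_SSLv3",
                      "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1"}

def _callee_name(func):
    """Best-effort dotted name of a call target, e.g. 'ssl.wrap_socket'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return _callee_name(func.value) + "." + func.attr
    return "<call>"

def find_insecure_ssl_versions(source):
    """Return sorted (line, callee, constant) for every call passing an
    ssl_version=ssl.PROTOCOL_* keyword that names a deprecated version.
    Callee-agnostic: PoolManager(ssl_version=...) is reported like ssl.wrap_socket."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "ssl_version":
                continue
            val = kw.value
            if (isinstance(val, ast.Attribute) and isinstance(val.value, ast.Name)
                    and val.value.id == "ssl" and val.attr in INSECURE_PROTOCOLS):
                findings.append((node.lineno, _callee_name(node.func), val.attr))
    return sorted(findings)

# Constructed sample: the snippet from the issue plus one classic ssl.wrap_socket
# call. Only lines 5 and 8 should be reported; create_default_context() on
# line 6 and the wrap_socket() on line 7 carry no ssl_version and stay clean.
SAMPLE = """\
import ssl
import socket
from urllib3.poolmanager import PoolManager
sock = socket.socket()
pool_mgr = PoolManager(ssl_version=ssl.PROTOCOL_TLSv1)
ctx = ssl.create_default_context()
ctx.wrap_socket(sock, server_hostname='example.com')
ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3)
"""

if __name__ == "__main__":
    for line, callee, const in find_insecure_ssl_versions(SAMPLE):
        print(f"line {line}: {callee}(ssl_version=ssl.{const})")
```

Positional protocol arguments such as `ssl.SSLContext(ssl.PROTOCOL_TLSv1)` are deliberately out of scope here; a real query would add those per callee.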