Security/PHPFilterFunctions: report restricted filter on the correct token

Throw the warning about the use of a restricted filter on the actual filter constant, not on the function call token. This will more clearly indicate the issue when people use the PHPCS `code` view.

Author: jrfnl

WordPressVIPMinimum/Sniffs/Security/PHPFilterFunctionsSniff.php

@@ -9,6 +9,7 @@
 
 namespace WordPressVIPMinimum\Sniffs\Security;
 
+use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Utils\PassedParameters;
 use WordPressCS\WordPress\AbstractFunctionParameterSniff;
 
@@ -92,9 +93,11 @@ public function process_parameters( $stackPtr, $group_name, $matched_content, $p
 		}
 
 		if ( isset( $this->restricted_filters[ $target_param['clean'] ] ) ) {
+			$first_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, $target_param['start'], ( $target_param['end'] + 1 ), true );
+
 			$message = 'Please use an appropriate filter to sanitize, as "%s" does no filtering, see: http://php.net/manual/en/filter.filters.sanitize.php.';
 			$data    = [ $target_param['clean'] ];
-			$this->phpcsFile->addWarning( $message, $stackPtr, 'RestrictedFilter', $data );
+			$this->phpcsFile->addWarning( $message, $first_non_empty, 'RestrictedFilter', $data );
 		}
 	}
 }

WordPressVIPMinimum/Tests/Security/PHPFilterFunctionsUnitTest.php

@@ -44,7 +44,7 @@ public function getWarningList() {
 			56 => 1,
 			57 => 1,
 			58 => 1,
-			63 => 1,
+			65 => 1,
 			70 => 1,
 			71 => 1,
 			73 => 1,