Static analyzer: add smart pointer checker

The direct initialization case should be easily caught, and that should
be the majority case. But more interesting cases where the pointer in
question comes from another API or any other complicated logic might
need analysis to see whether the pointer ultimately originates from a
new call.

(honestly I'd love to see a make_unique added to the standard (for
convenience and safety (see any article entitled 'always name your
smart pointers' for examples)) and then consider flagging any use of
direct new (in a style checker, not in the compiler) and/or potentially
warning about any use of the raw pointer shared/unique ptr constructors)

Indeed, the checking that requires flow analysis could be a good static analyzer check.