Function build_data_surface 

pub fn build_data_surface(
    tools: &[ToolSurface],
    execution: &ExecutionSurface,
) -> DataSurface

Build a DataSurface from tool definitions and execution surface.

Extracts taint sources (tool parameters, env vars), sinks (process exec, HTTP requests, file writes, dynamic eval), and connects them with 1-hop taint paths when an operation uses a tainted argument.