analyzer: fix wording for assignment from NULL

analyzer: fix wording for assignment from NULL

This patch improves the wording of the state-transition event (1) in
the -Wanalyzer-null-dereference diagnostic for:

void test (void)
{
  int *p = NULL;
  *p = 1;
}

taking the path description from:

  ‘test’: events 1-2
    |
    |    5 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) assuming ‘p’ is NULL
    |    6 |   *p = 1;
    |      |   ~~~~~~
    |      |      |
    |      |      (2) dereference of NULL ‘p’
    |

to:

  ‘test’: events 1-2
    |
    |    5 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) ‘p’ is NULL
    |    6 |   *p = 1;
    |      |   ~~~~~~
    |      |      |
    |      |      (2) dereference of NULL ‘p’
    |

since the "assuming" at (1) only makes sense for state transitions
due to comparisons, not for assignments.

gcc/analyzer/ChangeLog:
	* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
	transition to the "null" state, only say "assuming" when
	transitioning from the "unchecked" state.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/malloc-1.c (test_48): New.