Consider the merits of banning the `static` token

[workingjubilee]

This is one of the more likely routes for state leakage that could plausibly break with SQL roles, and proved instrumental in techniques like:

• Catch #[no_mangle] #128

const would remain acceptable as it has more restrictions on how it is used.