RegEx evaluation should have a time out specified

As Microsoft stated itself:

When using System.Text.RegularExpressions to process untrusted input, pass a timeout. A malicious user can provide input to RegularExpressions causing a Denial-of-Service attack. ASP.NET Core framework APIs that use RegularExpressions pass a timeout.

The rule should raise a warning on all RegEx methods that lack a timeout parameter when an overload with a timeout is available. So:

var compliant = new Regex(@"\b\w+\b", RegexOptions.None, TimeSpan.FromMilliseconds(5)); // Compliant
var noncompliant = new Regex(@"\b\w+\b", RegexOptions.None); // Noncompliant