fix: ensure drupal/currency advisories use Drupal repository in their ecosystem

[G-Rath]

It seems there are a handful of Drupal packages exist in both Packagist and in the Drupal repository:

drupal/acquia_cms_dam exists in both repos and has packages
drupal/arch exists in both repos and has packages
drupal/computed_relationships exists in both repos and has packages
drupal/cors exists in both repos and has packages
drupal/currency exists in both repos and has packages
drupal/default_content exists in both repos and has packages
drupal/devel exists in both repos and has packages
drupal/dynamic_entity_reference exists in both repos and has packages
drupal/ems exists in both repos and has packages
drupal/external_entity exists in both repos and has packages
drupal/fillpdf exists in both repos and has packages
drupal/openstack_queues exists in both repos and has packages
drupal/operations exists in both repos and has packages
drupal/payment exists in both repos and has packages
drupal/root exists in both repos and has packages
drupal/stringoverrides exists in both repos and has packages

This means advisories for those packages will currently have the wrong ecosystem (sort of), though in practice it looks like drupal/currency is the only package with an actual advisory so I've added that as a special case rather than do anything more complex

[G-Rath]

This was caught by #161

[Unifex]

While I'm not comfortable with having an exception like this, I'm not seeing a good way of resolving this without having the package removed from one of those locations.

This feels acceptable for now.