Fix typo in cwe863 lesson session attribute name #191

Open
james-carlson wants to merge 1 commit into OWASP:main from
james-carlson:fix-cwe863-loggedin-typo

@james-carlson

Summary

The CWE-863 (Incorrect Authorization) lesson at
trainingportal/static/lessons/blackBelt/cwe863.html has a typo in the
displayed sample code. On line 18, the first call to session.getAttribute
references "ch3loggedin", while the second call on the same line references
"ch863loggedin". Since this is the same condition guarding access to the
admin page, both attribute names should match.

This PR changes "ch3loggedin" -> "ch863loggedin" so the snippet is internally
consistent.

Note for maintainers (optional follow-up)

While verifying the typo, I noticed the lesson snippet uses the ch863 prefix
(e.g., ch863loggedin, ch863.jsp) but the actual vulnerable code it is
illustrating -- insecureinc/src/main/webapp/cwe863loggedin.jsp -- uses the
cwe863 prefix throughout (cwe863loggedin, cwe863.jsp).

If the intent is for the lesson to mirror the real vulnerable JSP exactly, a
follow-up could rename all ch863 references to cwe863 in this file. I kept
this PR scoped to the obvious typo to keep the change minimal -- happy to open
a separate PR for the broader rename if you'd like.

Test plan

  • Open trainingportal/static/lessons/blackBelt/cwe863.html in the training
    portal and confirm the rendered code block now shows "ch863loggedin" on
    both session.getAttribute calls on line 18.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>