fix(fp): consolidate suppressions for the Validator.nu (VNU) HTML checker

[chadlwilson]

Description of Change

A new CVE in a generic named CPE is leading to a lot of FPs

• [FP]: isorelax being misattributed as Nu HTML Checker/validator #8243
• [FP]: Jing misattributed as Nu html checker #8244
• [FP]: False positive on CVE-2025-15104 for pkg:maven/com.networknt/json-schema-validator@2.0.1 #8247
• [FP]: False positive on CVE-2025-15104 for hibernate-validator #8249

Consolidate to a negative-lookahead suppression.

The library is released as

• a single artifact library: https://mvnrepository.com/artifact/nu.validator/validator
• inside an npm package at https://www.npmjs.com/package/vnu-jar
• inside an executable uber jar

Vulnerability is categorised against the first two package types: GHSA-fccg-7w3p-w66f so this should be good enough, to also stop the CPE matching against "validator"s in all manner of other package types. The executable jar should match against the jar if indeed a PURL can be inferred for it (if not, a hint can be added)

Related issues

• [FP]: isorelax being misattributed as Nu HTML Checker/validator #8243
• [FP]: Jing misattributed as Nu html checker #8244
• [FP]: False positive on CVE-2025-15104 for pkg:maven/com.networknt/json-schema-validator@2.0.1 #8247
• [FP]: False positive on CVE-2025-15104 for hibernate-validator #8249

Have test cases been added to cover the new functionality?

N/A