jensdietrich / xshady

vulnerabilities found in shaded projects
Apache License 2.0

CVE-2019-0225: articleId in pov-project.json != articleId in pom.xml, also version should already be patched #36

Closed wtwhite closed 1 year ago

wtwhite commented 1 year ago

The pom.xml for CVE-2019-0225 specifies org.apache.jspwiki:jspwiki-main:2.11.0.M6, but there are 2 unusual things about this:

  1. /tools/create-pov-project.js auto-assigned the articleId jspwiki-war (instead of jspwiki-main) based on the GHSA
  2. The CVE report only claims that versions up to 2.11.0.M2 are vulnerable, and the GHSA even states that 2.11.0.M3 is already patched -- so how could the later 2.11.0.M6 still be vulnerable?

The initial issue is that this discrepancy broke shadedetector's metadata-reading codepath. Beyond that, the underlying test might need fixing anyway.

wtwhite commented 1 year ago

vul4j does state that the failing module is jspwiki-main.

wtwhite commented 1 year ago

The commit, https://github.com/apache/jspwiki/commit/88d89d6523802c044cfcb7930cba40d8eeb21da2, that vul4j claims contains the human patch also contains a new test, which is what we currently use (modulo some other changes described in the README) -- but that test has a bug, which was fixed a few minutes later in https://github.com/apache/jspwiki/commit/3ad9e5e5d9748750d49cc17ade48637dc0effbc6.

With that fix to the test, it should pass in all versions >= 2.11.0.M3, and fail in all earlier versions.

Solution: Make the same change to our copy of the test (and notify vul4j as well, to be nice).
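The two discrepancies raised in the first comment can be caught before a PoV project reaches the metadata reader. The following check is an added example, not code from xshady or shadedetector: the metadata field names `artifact` and `fixVersion`, the sample inputs, and the simplified milestone ordering (not Maven's full version rules) are assumptions.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the values quoted in this issue.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.jspwiki</groupId>
      <artifactId>jspwiki-main</artifactId>
      <version>2.11.0.M6</version>
    </dependency>
  </dependencies>
</project>"""
# Assumed metadata layout; the real pov-project.json schema may differ.
POV = json.dumps({"artifact": "org.apache.jspwiki:jspwiki-war",
                  "fixVersion": "2.11.0.M3"})

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def version_key(v):
    """Sort key for versions such as 2.11.0.M6 or 2.11.0."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[.-]M(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version: {v}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    # A milestone (M<n>) precedes the release with the same numbers.
    return nums + ((0, int(m.group(2))) if m.group(2) else (1, 0))


def check(pom_xml, pov_json):
    """Return a list of inconsistencies between pom.xml and the metadata."""
    meta = json.loads(pov_json)
    group, artifact = meta["artifact"].split(":")
    problems = []
    for dep in ET.fromstring(pom_xml).findall(".//m:dependency", NS):
        if dep.findtext("m:groupId", namespaces=NS) != group:
            continue  # unrelated dependency, e.g. a test framework
        aid = dep.findtext("m:artifactId", namespaces=NS)
        ver = dep.findtext("m:version", namespaces=NS)
        if aid != artifact:
            problems.append(f"artifactId mismatch: pom={aid} metadata={artifact}")
        if version_key(ver) >= version_key(meta["fixVersion"]):
            problems.append(f"{ver} is not below fix version {meta['fixVersion']}")
    return problems


if __name__ == "__main__":
    for problem in check(POM, POV):
        print(problem)
```
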