Use consistent OWASP identifier syntax in Secure analyzers

Proposal

As a result of #423557 (comment 1620994014), we discovered that our analyzers don't use a consistent format for OWASP identifiers.

Semgrep is the exception, and it includes validation to enforce a consistent syntax.

We would like to do this for all devopssecure analyzers.

The user benefit is that Category:Vulnerability Management features such as grouping and filtering by OWASP work better when the identifier format is consistent.

/cc @johncrowley @smeadzinger @sarahwaldner @twoodham @amarpatel