Allow OWASP category to be a string or an array in custom validation schema
What does this MR do?
Modifies the custom JSON schema to allow the OWASP metadata field to be either a string or an array containing known OWASP Top 10 category from 2017 or 2021.
Also corrects wrong categories in the current rules.