
Update expectations for sast job

Lucas Charles requested to merge update-qa-sast-433 into QA-all-base-FREEZE

Update QA-all-base-FREEZE fixtures from v1 format to v2.

Compared using jq:

~/code/gl/security_products/tests/php-composer QA-all-base-FREEZE
❯ cat qa/expect/gl-sast-report.json | jq 'length'
6

~/code/gl/security_products/tests/php-composer QA-all-base-FREEZE
❯ cat qa/expect/gl-sast-report.json | jq 'map(.cve) | sort'
[
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.FringeFunctions.WarnFringestuff",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.Phpinfos.WarnPhpinfo",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.PregReplace.PregReplaceE",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.PregReplace.PregReplaceUserInput",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.PregReplace.PregReplaceUserInputE",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.SystemExecFunctions.WarnSystemExec"
]

~/code/gl/security_products/tests/php-composer QA-all-base-FREEZE
❯ git checkout update-qa-sast-433
Switched to branch 'update-qa-sast-433'
Your branch is up to date with 'origin/update-qa-sast-433'.

~/code/gl/security_products/tests/php-composer update-qa-sast-433
❯ cat qa/expect/gl-sast-report.json | jq '.vulnerabilities | length'
6

~/code/gl/security_products/tests/php-composer update-qa-sast-433
❯ cat qa/expect/gl-sast-report.json | jq '.vulnerabilities | map(.cve) | sort'
[
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.FringeFunctions.WarnFringestuff",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.Phpinfos.WarnPhpinfo",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.PregReplace.PregReplaceE",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.PregReplace.PregReplaceUserInput",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.PregReplace.PregReplaceUserInputE",
  "app/main.php:PHPCS_SecurityAudit.BadFunctions.SystemExecFunctions.WarnSystemExec"
]
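The same comparison in one step, as an added example that is not part of the merge request: it reads both fixture layouts the jq commands above rely on (v1 as a top-level array, v2 as an object with a `vulnerabilities` array) and diffs the `cve` identifiers as a multiset, so a duplicated finding cannot hide a dropped one behind an equal count. The function names and the sample reports are constructed for illustration.

```python
import json
from collections import Counter

def load_findings(report_text):
    """Return (layout, findings) for a v1 (top-level array) or
    v2 (object with a "vulnerabilities" array) report."""
    doc = json.loads(report_text)
    if isinstance(doc, list):
        return "v1", doc
    if isinstance(doc, dict) and isinstance(doc.get("vulnerabilities"), list):
        return "v2", doc["vulnerabilities"]
    raise ValueError("unrecognised report layout")

def diff_fixtures(old_text, new_text, key="cve"):
    """Compare two fixtures by finding identifier, keeping duplicates."""
    old_fmt, old = load_findings(old_text)
    new_fmt, new = load_findings(new_text)
    # A finding without the key is counted under a visible marker.
    old_ids = Counter(f.get(key) or "<missing>" for f in old)
    new_ids = Counter(f.get(key) or "<missing>" for f in new)
    return {
        "formats": (old_fmt, new_fmt),
        "missing": sorted((old_ids - new_ids).elements()),
        "extra": sorted((new_ids - old_ids).elements()),
    }

# Constructed sample fixtures, reusing three identifiers from the output above.
PREFIX = "app/main.php:PHPCS_SecurityAudit.BadFunctions."
IDS = [PREFIX + s for s in ("Phpinfos.WarnPhpinfo",
                            "PregReplace.PregReplaceE",
                            "SystemExecFunctions.WarnSystemExec")]
V1 = json.dumps([{"cve": i} for i in IDS])
V2_OK = json.dumps({"vulnerabilities": [{"cve": i} for i in reversed(IDS)]})
# Same length as V1, but one finding dropped and another duplicated.
V2_BAD = json.dumps({"vulnerabilities": [{"cve": i}
                                         for i in (IDS[1], IDS[1], IDS[2])]})

if __name__ == "__main__":
    print(diff_fixtures(V1, V2_OK))
    print(diff_fixtures(V1, V2_BAD))
```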
