JS: Make TaintedFormatString have same severity as LogInjection

The CWE number for this query is associated with buffer overflows
from printf/scanf-style functions in C++, which has likely determined
its derived security score.

But in JavaScript, a tainted format string is unlikely to lead to
anything worse than log injection so we're manually update its score
to reflect this.

Author: asgerf

javascript/ql/src/Security/CWE-134/TaintedFormatString.ql

@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to garbled output.
  * @kind path-problem
  * @problem.severity warning
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id js/tainted-format-string
  * @tags security