move the code samples for the Go command-injection queries to an examples/ folder

Author: erik-krogh

go/ql/src/Security/CWE-078/CommandInjection.qhelp

@@ -27,7 +27,7 @@ using it.
 In the following example, assume the function <code>handler</code> is an HTTP request handler in a
 web application, whose parameter <code>req</code> contains the request object:
 </p>
-<sample src="CommandInjection.go"/>
+<sample src="examples/CommandInjection.go"/>
 <p>
 The handler extracts the name of a system command from the request object, and then runs it without
 any further checks, which can cause a command-injection vulnerability.

go/ql/src/Security/CWE-078/StoredCommand.qhelp

@@ -28,13 +28,13 @@ using it.
 In the following example, the function <code>run</code> runs a command directly from the result of a
 query:
 </p>
-<sample src="StoredCommand.go"/>
+<sample src="examples/StoredCommand.go"/>
 <p>
 The function extracts the name of a system command from the database query, and then runs it without
 any further checks, which can cause a command-injection vulnerability. A possible solution is to
 ensure that commands are checked against a whitelist:
 </p>
-<sample src="StoredCommandGood.go"/>
+<sample src="examples/StoredCommandGood.go"/>
 </example>
 
 <references>