Update GroovyInjection.qhelp

Author: p0wn4j

java/ql/src/experimental/Security/CWE/CWE-094/GroovyInjection.qhelp

@@ -29,7 +29,7 @@ The fundamental problem is that Groovy is a dynamic language, yet SecureASTCusto
 
 This makes it very easy for an attacker to bypass many of the intended checks
 (see https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).
-Therefore, besides SecureASTCustomizer, runtime checks are also necessary before calling Groovy methods
+Therefore, besides <code>SecureASTCustomizer</code>, runtime checks are also necessary before calling Groovy methods
 (see https://melix.github.io/blog/2015/03/sandboxing.html).
 
 It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM.