Add OWASP and CERT references

Author: egregius313

java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.qhelp

@@ -40,6 +40,13 @@ safe before using it.</p>
   <li>
     The Java Tutorials: <a href="https://docs.oracle.com/javase/tutorial/essential/environment/env.html">, Environment Variables</a>.
   </li>
-
+  <li>
+    OWASP: <a href="https://owasp.org/www-community/attacks/Command_Injection">Command injection</a>.
+  </li>
+  <li>
+    CERT Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables">
+ENV02-J. Do not trust the values of environment variables
+    </a>.
+  </li>
 </references>
 </qhelp>