move the examples for the qhelps into an example/ folder

erik-krogh
2024-01-11 12:44:49 +01:00
parent 6b66f5cbc5
commit 4958c19c67
6 changed files with 4 additions and 4 deletions


@@ -38,13 +38,13 @@ the user input matches one of these patterns.</p>
and send it back over the socket. However, a malicious user could enter a file name anywhere on the file system,
such as "/etc/passwd".</p>
<sample src="TaintedPath.java" />
<sample src="examples/TaintedPath.java" />
<p>Simply checking that the path is under a trusted location (such as a known public folder) is not enough,
however, since the path could contain relative components such as "..". To fix this, check that it does
not contain ".." and starts with the public folder.</p>
<sample src="TaintedPathGood.java" />
<sample src="examples/TaintedPathGood.java" />
</example>
<references>
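Review bot: The two changed `<sample>` lines point at `examples/TaintedPath.java` and `examples/TaintedPathGood.java`, but the commit subject says the files move into an `example/` folder; the subject should say `examples/` so it matches the paths that were actually written. Separately, the unchanged paragraph between the two samples still recommends rejecting ".." and testing that the path starts with the public folder, while the Zip Slip help touched in this same commit recommends comparing the normalized path against the destination directory. A follow-up could align the two, since a plain starts-with test on a string also accepts a sibling directory whose name merely begins with the public folder's name.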


@@ -45,12 +45,12 @@ the result is within the destination directory. If provided with a zip file cont
path like <code>..\sneaky-file</code>, then this file would be written outside the destination
directory.</p>
<sample src="ZipSlipBad.java" />
<sample src="examples/ZipSlipBad.java" />
<p>To fix this vulnerability, we need to verify that the normalized <code>file</code> still has
<code>destinationDir</code> as its prefix, and throw an exception if this is not the case.</p>
<sample src="ZipSlipGood.java" />
<sample src="examples/ZipSlipGood.java" />
</example>
<references>
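Review bot: The targets of `src="examples/ZipSlipBad.java"` and `src="examples/ZipSlipGood.java"` are not visible in this hunk, so the two `<sample>` elements only resolve if both Java files were moved next to this qhelp file in the same commit. The summary of 6 changed files with 4 additions and 4 deletions is consistent with two qhelp edits plus four file moves, but please confirm that, and check that no other qhelp or test file still refers to `ZipSlipBad.java` or `ZipSlipGood.java` at the old location.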