fix(daily-scan): use filePath instead of packageUrl for multi_json suppression (#120)

DependencyCheck does not assign a pkg:gem/ identifier to .gemspec files
scanned with --enableExperimental, so the packageUrl-based rule from #119
had zero matches. Switch to filePath matching which matches the actual
file path DC uses internally.

Author: thpierce

.github/dependency-check-suppressions.xml

@@ -3,7 +3,7 @@
     <!--False positive: multi_json gem incorrectly matched to json_project:json CPE (CVE-2020-10663 affects the json gem, not multi_json)-->
     <suppress>
         <notes><![CDATA[multi_json is a JSON adapter/wrapper gem, not the json gem affected by CVE-2020-10663. See https://nvd.nist.gov/vuln/detail/CVE-2020-10663]]></notes>
-        <packageUrl regex="true">^pkg:gem/multi_json@.*$</packageUrl>
+        <filePath regex="true">.*multi_json.*</filePath>
         <cpe>cpe:/a:json_project:json</cpe>
     </suppress>
 </suppressions>