Address review comments on path-injection[read] sub-kind

- shared/mad/codeql/mad/ModelValidation.qll: shorten the comment
  for `path-injection[%]` to `// Java-only currently`, matching the
  style of other language-scoped entries and dropping API examples
  and the java/zipslip reference.
- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: replace
  the `File.exists` example in the QLDoc with `FileReader`, since
  `File.exists` is still labelled plain `path-injection`, not
  `path-injection[read]`.

Author: MarkLee131

java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll

@@ -55,8 +55,8 @@ module ZipSlipFlow = TaintTracking::Global<ZipSlipConfig>;
  *
  * This deliberately selects only the `path-injection` sink kind and excludes
  * `path-injection[read]`: Zip Slip is an archive-extraction vulnerability, so
- * read-only path sinks (e.g. `ClassLoader.getResource`, `FileInputStream`,
- * `File.exists`) are outside the threat model.
+ * read-only path sinks (for example `ClassLoader.getResource`,
+ * `FileInputStream`, and `FileReader`) are outside the threat model.
  */
 private class FileCreationSink extends DataFlow::Node {
   FileCreationSink() { sinkNode(this, "path-injection") }

shared/mad/codeql/mad/ModelValidation.qll

@@ -54,10 +54,7 @@ module KindValidation<KindValidationConfigSig Config> {
       this.matches([
           // shared
           "credentials-%", "encryption-%", "qltest%", "test-%", "regex-use%",
-          // shared: path-injection[read] identifies sinks that only read from a path
-          // (e.g. ClassLoader.getResource, FileInputStream, File.exists). Queries such
-          // as java/zipslip that only care about write/extraction deliberately exclude
-          // this sub-kind.
+          // Java-only currently
           "path-injection[%]",
           // Swift-only currently, but may be shared in the future
           "%string-%length", "weak-hash-input-%",