mercurial: set CVE_PRODUCT to "mercurial-scm:mercurial mercurial:mercurial"

Other product "mercurial" introduce false CVE finding like:

https://nvd.nist.gov/vuln/detail/CVE-2022-43410

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-oe/recipes-devtools/mercurial/mercurial_6.6.3.bb

@@ -34,4 +34,4 @@ PACKAGES =+ "${PN}-python"
 FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}"
 FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}"
 
-CVE_STATUS[CVE-2022-43410] = "cpe-incorrect: The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue."
+CVE_PRODUCT = "mercurial-scm:mercurial mercurial:mercurial"