update syntax a bit to re-run the test

rules/linux/macos_startup_items.yml

@@ -11,11 +11,9 @@ logsource:
   product: macos
 detection:
   selection_1:
-    TargetFilename|contains:
+    TargetFilename|contains: '/Library/StartupItems/'
-      - '/Library/StartupItems/'
   selection_2:
-    TargetFilename|endswith:
+    TargetFilename|endswith: '.plist'
-      - '.plist'
   condition: selection_1 and selection_2
 falsepositives:
     - Legitimate administration activities
@@ -24,4 +22,3 @@ tags:
     - attack.persistence
     - attack.privilege_escalation
     - attack.t1037.005
-