Prepare stable update for xrdp (DLA-4166-1)

This package has one or more CVEs fixed by a DLA, but the same CVEs remain unfixed in more recent releases.

In this case, the remaining open CVEs have been triaged by the security team, and fixed in trixie through unstable, so they have no immediate plans to deal with them.

Please coordinate with the maintainer and SRM to have an updated package included in the next point release (for CVEs affecting bookworm). https://www.debian.org/doc/manuals/developers-reference/pkgs.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Additionally, please keep the security team informed concerning this matter by mailing team@security.debian.org with a brief summary once a course of action has been agreed upon between yourself, the maintainer, and SRM (as applicable).

Package: xrdp
DLA: DLA-4166-1, https://lists.debian.org/debian-lts-announce/2025/05/msg00018.html
Version in DLA: 0.9.21.1-1~deb11u2
CVE(s): CVE-2023-40184, CVE-2023-42822, CVE-2024-39917
Fixed in: bullseye
Still present in: bookworm

Cc @abhijith (DLA uploader) in case there's more info :)