Mark CVE-2017-15131/xdg-user-dirs as unimportant

Any enforcement of umask at session start could be done e.g. with
pam_umask(8).

Futhermore the CVE seems specific reproducible with Red Hat Enterprise,
but the issue from its idea is still applicable to other systems but
highly dependent on the environment.