Add fixed version for CVE-2019-1010006/atril

The debian/changelog is slightly confusing as it suggests earlier
versions did include the patch to adress the issue. But it seems to have
been really only added after the 1.22.1-1 release in the packaging
repository and then later when rebased to 1.22.2 removed the patch.
1.22.2 is containing the fix and so 1.22.2-1 uploaded to unstable.