Reassign CVE-2019-10732 to kf5-messagelib source package instead of kmail

The underlying issue is actually to be found and adressed in
kf5-messagelib and not directly in the src:kmail source package. Thus
adjust tracking of the source package.