Add TODO note for CVE-2019-11461 with respect to src:gnome3-desktop

We might need to track the CVE as well for gnome3-desktop. Nautilus
fixed the issue in the embedded copy included, so the issue might have
relevance as well for src:gnome3-desktop itself.

The affected files are build.

Thanks: Paul Wise for the heads-up.