Update information on CVE-2017-17497/tidy-html5

Unfortunately a vulnerable upload as 2:5.6.0-1 was performed to unstable
(previously the issue did not affect any version in a respective suite).
With the 2:5.6.0-1 upload the package needed a targeted upload to adress
the issue in unstable.

Adjust tracking information and move the not affected version only to
the stretch stanza.

Annotate unstable version with the 2:5.6.0-3 version information.