Mark CVE-2018-17076/gpp as no-dsa

Rationale: not sure it might be used e.g. in a service processing LaTeX
documents in a webservice. If it is purely used as CLI tool, this would
be unimportant severity. Still disputable how to mark it correctly.