Mark CVE-2018-14048/libpng1.6 as unimportant

The reason for the unimportant severity is that the underlying issue is
actually in the use of the libpng library by the pnm2png tool, which is
not shipped in the binary packages produced.