Mark CVE-2019-19191/shibboleth-sp as unimportant

While the issue is there in the upstream provided spec file, this has
not relevance for the binary packages provided in Debian and neither has
the postinst problematic similar logic.