Track fixes for CVE-2009-347{4,5,6}/opensaml

The src:opensaml package was re-introduced in Debian starting with the
3.0.0-1 version to experimental and later uploaded to unstable.

As such track the first src:opensaml version in unstable containing
those fixes as the one for the fixed version. While it was named
src:opensaml2 it was fixed in src:opensaml2/2.2.1-1 to unstable.