Demote CVE-2018-20124/qemu to unimportant

The state for PVRDMA and RDMA is quite confusing, but for this
particular issue hw/rdma/rdma_backend.c is build when pvrdma support is
enabled.

In 1:3.1+dfsg-4 --enable-rdma was left, while disabling --enable-pvrdma,
making the issue only affecting the source but not anymore the build
packages.

--enable-rdma is about RDMA migration and outside the quest, it is what qemu
does when communicate with another qemu during migration. (The option might
have been actually been called more something like --enable-rdma-migration
instead).

--enable-pvrdma: pvrdma is a specialized guest-visible device (the same
interface as vmware implements) to give rdma capabilities to the guest.

Both are are not related to each other, but pvrdma can't function without rdma
libs on the host.

Thanks: Michael Tokarev