Add CVE-2019-3689/nfs-utils

Whilst the CVE description itself mentions SuSE packages only Debian has
a similar approach and chowns /var/lib/nfs to statd user. The issue
exploitability per se is mitigated by the default enabled kernel
hardening for fs.protected_symlinks.