Mark CVE-2016-6629,phpmyadmin as postponed

The $cfg['ArbitraryServerRegexp'] configuration directive is not present but it
is not clear if the new cookie encryption code is still needed. Mark as
postponed because this issue needs further investigation.