Mark CVE-2018-2054{5,8}/libcaca as unimportant

Although affected source code wise for both upstream issues, the binary
packages as produced in Debian use the Imlib2 library for the build and
not the fallback BMP loader.