Mark CVE-2017-12194 as no-dsa

A malicious spice server can cause problems to a spice-gtk client. Issue
is mninor and can be adressed in a point release. Adding a note
regarding the (de)marshal.py which are present in source but not in a
binary package: AFAICS these are actually used to generate code in
generated_client_(de)marshallers* and to be included in
libspice-common-client.so.