Update status for CVE-2019-10740/roundcube

The issue is mostly "irrelevant" in direct installations in Debian, as
the functionality relies on the enigma plugin which depends on the PHP
PEAR module (php-crypt-gpg).

php-crypt-gpg is neither in stretch nor in buster so we can mark the
issue as ignored. Still the issue might be fixed in a later point
release.