Add support for 'unaffected', a ghost version for CVEs which are we are not affected by.
cifs-utils 6.11 has a CVE that requires --with-systemd, this is just the catalyst case, but it would be nice if we had a field called unaffected for CVEs we are not affected by.
Example:
# secfixes:
# 1.0.0-r0:
# - CVE-2020-1000
# unaffected:
# - CVE-2020-1001 (needs --with-systemd)