security/vuxml: Document Poppler vulnerability
PR: 296769 Approved by: osa (mentor) Security: CVE-2026-10118