security/vuxml: Mark mosquitto >= 2.0.0, < 2.0.10 vulnerable as per:

https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt

• If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault.

PR: 255229
Reported by: Daniel Engberg