security/vuxml: Mark java/bouncycastle as vulnerable where applicable
Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.