trusted-firmware-a.mk: add PKG_CPE_ID

Vulnerabilities of Trusted Firmware A are tracked as
cpe:/a:arm:arm_trusted_firmware

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

include/trusted-firmware-a.mk

 PKG_NAME ?= trusted-firmware-a
+PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware
 
 ifndef PKG_SOURCE_PROTO
 PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz