doc: releases: Add CVE-2019-9506 to release notes

Add section about security vulnerability issues in the 2.0.0 release
notes.

Signed-off-by: David Brown <david.brown@linaro.org>