tools/xz: Add PKG_CPE_ID for proper CVE tracking

No match.