add PKG_CPE_ID ids to package and tools

CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

package/network/utils/curl/Makefile

@@ -20,6 +20,7 @@ PKG_HASH:=2594670367875e7d87b0f129b5e4690150780884d90244ba0fe3e74a778b5f90
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:haxx:libcurl
 
 PKG_FIXUP:=autoreconf
 PKG_BUILD_PARALLEL:=1