fix: drop gpgme CPE ID without CVEs

[ffontaine]

gpupg:gpgme is a CPE ID without any CVEs so drop it: https://www.cvedetails.com/vulnerability-list/vendor_id-4711/product_id-94121/Gnupg-Gpgme.html

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a168298) 77.76% compared to head (3570eb8) 78.21%.
Report is 4 commits behind head on main.

❗ Current head 3570eb8 differs from pull request most recent head 47fa608. Consider uploading reports for the commit 47fa608 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3632      +/-   ##
==========================================
+ Coverage   77.76%   78.21%   +0.44%     
==========================================
  Files         781      783       +2     
  Lines       11700    11710      +10     
  Branches     1369     1369              
==========================================
+ Hits         9099     9159      +60     
+ Misses       2183     2130      -53     
- Partials      418      421       +3     

Flag	Coverage Δ
win-longtests	78.21% <100.00%> (+0.44%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[terriko]

Seems reasonable to remove. I wonder if we should be asking NVD to remove some of these no longer relevant CPEs?

[ffontaine]

Indeed, it would be great if the NVD database could be updated. However, I've never sent such kind of request, I don't know how much energy it would take to get it done.