ttyrun: define CVE_PRODUCT

Single executable ttyrun is taken ouf of s390-tools repository
containing ton of other helper tools.
CVEs are not assigned to executables, but to whole components.
Historically there also already exists one CVE for s390-tools.

Most of the CVEs will not be for ttyrun, but this is the way
how to get notified even if most we get will have to be ignored.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>