flex: Add CVE-2019-6293 to exclusions for checks

CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.

https://github.com/westes/flex/issues/414



Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cae5d7a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>