CHANGELOG: disclose CVE-2025-57275 for lib/nvmf

(8981ddb1)lib/nvmf: limit number of NVMe-oF registrants when updating PTPL info
Commit above fixed CVE-2025-57275 with CVSS 5.3.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:H/RL:O/RC:C&version=3.1



Prevented an array-out-of-bounds access during update of registrants for a namespace
when PTPL (Persist through power loss) was enabled. If number of registrants
exceeded 16 (SPDK_NVMF_MAX_NUM_REGISTRANTS) memory after the array ended could
have been written with data provided in Reservation Register command by the initiator.

PTPL needed to be enabled explicitly, as it is disabled by default.
Affected NVMe-oF transports include TCP and RDMA NVMe-oF in SPDK NVMe-oF target.

Fixed versions include SPDK v25.09 and SPDK v25.05.1.

Change-Id: I5f74d72fd3cae8fc1c17a6ab28f13d5872438f0f
Reported-by: Joel Cunningham <joel.cunningham@oracle.com>
Signed-off-by: Tomasz Zawadzki <tomasz.zawadzki@nutanix.com>
Reviewed-on: https://review.spdk.io/c/spdk/spdk/+/26783


Bypass-Merge-Requirements: Tomasz Zawadzki <tomasz@tzawadzki.com>
Reviewed-by: Jim Harris <jim.harris@nvidia.com>