Highlight third-party modules that are security critical

Mark any modules listed as 'processing untrusted content' in
https://wiki.qt.io/Third_Party_Code_in_Qt also in the
qt_attribution.json files.

For reasoning, see also

https://lists.qt-project.org/pipermail/development/2023-February/043667.html

Pick-to: 6.5
Change-Id: I1fe9b7e9e7f49db86f8289fbd87813ed4049377e
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>

src/3rdparty/libtiff/qt_attribution.json

@@ -3,10 +3,13 @@
     "Name": "TIFF Software Distribution (libtiff)",
     "QDocModule": "qtimageformats",
     "QtUsage": "Used in the qtiff image plugin if no system libtiff is found.",
+    "SecurityCritical": true,
 
     "Description": "",
     "Homepage": "http://www.simplesystems.org/libtiff/",
     "Version": "4.5.0",
+    "DownloadLocation": "https://download.osgeo.org/libtiff/tiff-4.5.0.tar.gz",
+
     "License": "libtiff License",
     "LicenseId": "libtiff",
     "LicenseFile": "COPYRIGHT",

src/3rdparty/libwebp/qt_attribution.json

@@ -3,10 +3,13 @@
     "Name": "WebP (libwebp)",
     "QDocModule": "qtimageformats",
     "QtUsage": "Used in the qwebp image plugin if no system libwebp is found.",
+    "SecurityCritical": true,
 
     "Description": "WebP is a new image format that provides lossless and lossy compression for images on the web.",
     "Homepage": "https://developers.google.com/speed/webp/",
     "Version": "1.3.0",
+    "DownloadLocation": "https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.3.0.tar.gz",
+
     "License": "BSD 3-clause \"New\" or \"Revised\" License",
     "LicenseId": "BSD-3-Clause",
     "LicenseFile": "COPYING",