sdk/krb5.bst: fix CPE annotations
The most recent CVEs seem to be use kerberos_5 as product name and don't contain 5- in their version numbers.
This also adds a workaround to the script to not fail when it can't parse the version but just consider it vulnerable instead.
Edited by Abderrahim Kitouni