sdk/krb5.bst: fix CPE annotations

The most recent CVEs seem to be use kerberos_5 as product name and don't contain 5- in their version numbers.

This also adds a workaround to the script to not fail when it can't parse the version but just consider it vulnerable instead.