arm/optee: handle CVE-2021-36133 as disputed

This CVE is specific to NXP i.MX boards which are documented as being
shipped unsecure, as they're meant for development.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

meta-arm/recipes-security/optee/optee.inc

@@ -31,3 +31,6 @@ EXTRA_OEMAKE += "V=1 \
 # python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
 # right path until this is relocated automatically.
 export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt.
+CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"