CLSA-2026-1778297730 exim: Fix of 2 CVEs

CVE-2026-40685: dewrap OOB read/write on trailing backslash in JSON header - CVE-2026-40687: SPA authenticator OOB read/write and base64 decode infoleak - Refresh Exim-Maintainers-Keyring.asc to verify the 4.99.x release tarball signature...

CLSA-2026-1777544437 webkit2gtk3: Fix of 35 CVEs

Rebase to webkitgtk 2.52.3 to address WebKitGTK security advisories WSA-2026-0001 and WSA-2026-0002 matches RHSA-2026:9692. - Drop all CVE-2025- backport patches Patch100..Patch112; the fixes are included in 2.52.3 upstream. - Drop fix-missing-typename.patch: target source file was removed...