Merge ~rbalint/ubuntu-seeds/+git/platform:demote-devscripts-lintian into ~ubuntu-core-dev/ubuntu-seeds/+git/platform:groovy

Proposed by Balint Reczey
Status: Rejected
Rejected by: Balint Reczey
Proposed branch: ~rbalint/ubuntu-seeds/+git/platform:demote-devscripts-lintian
Merge into: ~ubuntu-core-dev/ubuntu-seeds/+git/platform:groovy
Diff against target: 15 lines (+0/-2)
1 file modified
supported-development-common (+0/-2)
Reviewer Review Type Date Requested Status
Steve Langasek Pending
Dimitri John Ledkov Pending
Ubuntu Core Development Team Pending
Review via email: mp+391464@code.launchpad.net
Balint Reczey (rbalint) wrote :

Devscripts recommends lintian, and its doing so makes sense, so devscripts should be demoted together with lintian.

Steve Langasek (vorlon) wrote :

I'm uncomfortable with demoting devscripts, because it contains many tools which are critical to the Ubuntu development process and I think it should be covered by security support.

Balint Reczey (rbalint) wrote :

I agree that devscripts tools are critical, but we can support it in universe including providing security support. The delta we carry is very small, too, thus I expect little maintenance work to be done on the package going forward.
Ideally devscripts should be in main, but IMO MIRs for the ever growing lintian dependencies create too much work for very little gain and an extra cost of main gaining newer and newer Perl packages.

Balint Reczey (rbalint) wrote :

Lintian had one security update since Precise:

lintian (2.5.43ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via YAML parsing
    - checks/upstream-metadata.pm: disable YAML parser.
    - t/tests/upstream-metadata-invalid-yml/skip: skip test.
    - 0a2f38ecbc70d34a4b77c93a030555b310bd34ff
    - CVE-2017-8829

 -- Marc Deslauriers <email address hidden> Mon, 05 Jun 2017 14:33:13 -0400

Devscripts had a few:

devscripts (2.17.12ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Code execution through unsafe YAML loading
    - CVE-2018-13043
---
devscripts (2.14.1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue in uupdate
    - scripts/uupdate.sh: remove symlinks before applying patches, and
      restore them afterwards.
    - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
    - CVE-2014-1833

---
devscripts (2.11.6ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue in uupdate
    - scripts/uupdate.sh: remove symlinks before applying patches, and
      restore them afterwards.
    - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
    - CVE-2014-1833

 -- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 13:15:39 -0400

devscripts (2.11.6ubuntu1.6) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
    - scripts/uscan.pl: improve tarball handling.
    - 02c6850d973e3e1246fde72edab27f03d63acc52
    - 4b7e58ee6000cdefac0682601cec6ecce0137467
    - CVE-2013-6888

 -- Marc Deslauriers <email address hidden> Fri, 10 Jan 2014 13:02:15 -0500

devscripts (2.11.6ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via insufficient validation
    in dscverify
    - scripts/dscverify.pl: perform better validation.
    - 9fba4788933475185df5e58b7fa557e5e3fb15e4
    - CVE-2012-2240
  * SECURITY UPDATE: arbitrary file deletion via insufficient validation
    in dget
    - scripts/dget.pl: strip invalid characters
    - 0fd15bdec07b085f9ef438dacd18e159ac60b810
    - CVE-2012-2241
  * SECURITY UPDATE: file alteration via TOCTOU in annotate-output
    - scripts/annotate-output.sh: prevent symlink attack.
    - 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
    - CVE-2012-3500
  * REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
    - f9a1a4c468671827d2650161cc33324fe0247a98

Balint Reczey (rbalint) wrote :

For now lintian and devscripts stay in main because there would be no easy way of monitoring the security problems if they were demoted, according to the Security Team.

This could be revisited later.

Unmerged commits

5d19d46... by Balint Reczey

unseed devscripts and lintian

While both are needed for package maintenance they don't have to be
supported in main and lintian keeps expanding its dependency list
growing main with packages not needed by any other package in main.

Preview Diff

1diff --git a/supported-development-common b/supported-development-common
2index 655c2cc..9b47a45 100644
3--- a/supported-development-common
4+++ b/supported-development-common
5@@ -38,10 +38,8 @@
6 == Package Maintainance ==
7
8 * debhelper # ColinWatson
9- * devscripts
10 * dh-make
11 * dupload # ColinWatson
12- * lintian
13 * apt-listchanges
14 * dput
15 * pkgstriptranslations # for removing gettext data on the buildds
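Review bot: The removal of `* devscripts` in this hunk goes beyond the rationale the commit message gives, which is lintian's ever-growing dependency list; the devscripts part rests only on the Recommends relationship cited in the first comment, is the part the reviewer objected to on security-support grounds, and the discussion shows devscripts has had several security updates of its own (CVE-2012-2240, CVE-2012-2241, CVE-2012-3500, CVE-2013-6888, CVE-2014-1833, CVE-2018-13043). If this is revived, split the two unseedings into separate commits so each can be judged on its own, and record the Security Team's position that both packages stay in main so they remain monitored, for example as an inline comment in the style the section already uses (`* debhelper # ColinWatson`).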
