Poppler CVE fixes

ade9b5ebed44b0c15522c27669ef6cdf93eff84e - CVE-2024-56378
not picked - we don't ship pdfinfo utility - CVE-2024-6239
not picked - we don't ship NSS backend - CVE-2025-43903
Taking debian/ubuntu patch - otherwise big - CVE-2025-52886
f54b815672117c250420787c8c006de98e8c7408 - CVE-2025-43718
1f151565bbca5be7449ba8eea6833051cc1baa41 - CVE-2025-32365
d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 - CVE-2025-32364
08d7894e4dd0e313c179e30f06ad8f546619b1b3 - CVE-2025-50420
(while CVE only describes pdfseparate, it might also apply to other
document load. Fix is in poppler-core)
4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0 - CVE-2025-52885