package/libheif: security bump version to 1.20.1

Release notes: https://github.com/strukturag/libheif/releases

Version 1.19.6 fixes CVE-2025-43966 & CVE-2025-43967:
https://github.com/strukturag/libheif/releases/tag/v1.19.6

Updated license hash due to upstream commit:
https://github.com/strukturag/libheif/commit/377a957bd84018f4d27588c989fa5c66935c16ed

Note:

The patch for CVE-2025-43966 fixes libheif/image-items/iden.cc which was
added in version 1.19.0.
https://github.com/advisories/GHSA-7g9v-7vc7-pmrw

The patch for CVE-2025-43967 does not apply cleanly to 1.18.2 even after
renaming "/image-items/" to "/codecs/". Therefore, this patch is not
backported.
https://github.com/advisories/GHSA-c48q-x6xw-g5h8

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: add justification from Bernd why the security fix is not
  backported]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bernd Kuhls 1 month ago
parent
commit
accb006d9b
2 changed files with 3 additions and 3 deletions
  1. 2 2
      package/libheif/libheif.hash
  2. 1 1
      package/libheif/libheif.mk

+ 2 - 2
package/libheif/libheif.hash

@@ -1,3 +1,3 @@
 # Locally computed:
 # Locally computed:
-sha256  c4002a622bec9f519f29d84bfdc6024e33fd67953a5fb4dc2c2f11f67d5e45bf  libheif-1.18.2.tar.gz
-sha256  b2eb4f6588b005bebac44cfb2dfd23f6a16c5ca9b8a619a315158b0215a917a3  COPYING
+sha256  55cc76b77c533151fc78ba58ef5ad18562e84da403ed749c3ae017abaf1e2090  libheif-1.20.1.tar.gz
+sha256  fa81ce652315b013359d6e8e4744335f31a50c7c192907176d3632f78a3b4596  COPYING
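
Review bot: The COPYING hash changes on the last line of this hunk, but LIBHEIF_LICENSE in libheif.mk stays at LGPL-3.0+. The commit message links the upstream commit behind the new hash without saying what changed in the file. Please add one sentence stating the nature of the change (for example, whether only the wording or layout changed) so a reader can confirm that the declared license still matches without opening the upstream diff.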

+ 1 - 1
package/libheif/libheif.mk

@@ -4,7 +4,7 @@
 #
 #
 ################################################################################
 ################################################################################
 
 
-LIBHEIF_VERSION = 1.18.2
+LIBHEIF_VERSION = 1.20.1
 LIBHEIF_SITE = https://github.com/strukturag/libheif/releases/download/v$(LIBHEIF_VERSION)
 LIBHEIF_SITE = https://github.com/strukturag/libheif/releases/download/v$(LIBHEIF_VERSION)
 LIBHEIF_LICENSE = LGPL-3.0+
 LIBHEIF_LICENSE = LGPL-3.0+
 LIBHEIF_LICENSE_FILES = COPYING
 LIBHEIF_LICENSE_FILES = COPYING
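
Review bot: At the LIBHEIF_VERSION line, the bump goes from 1.18.2 straight to 1.20.1, skipping the whole 1.19.x series, and it is the only line of libheif.mk that changes. Please confirm that none of the intermediate releases added build options or dependencies that the package should now set explicitly, and say so in the commit message. The message's note about not backporting the CVE-2025-43967 patch to 1.18.2 would also be clearer if it named the branch it applies to, since this change removes 1.18.2 here.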