Log Message:
Update to version 1.15.

The directory ${PKGVULNDIR)} holding the 'vulnerabilities' file
which default value is determined at configure time can now be
overridden at runtime from the environment.

As a side effect the strings substituted at configure time in
files/{audit-packages,download-vulnerability-list} are now of the
form '@VAR@' and not '${VAR}'.