This update for cyrus-imapd fixes the following issues:

- Adapt license

- cyrus-imapd don't start because of missing "Requires=var-run.mount" from systemd
(boo#1251788)
Remove var-run.mount from Requires and After

- update to version 3.8.6 (bugfix release)
VUL-0: CVE-2025-49812: cyrus-imapd: Opossum Attack Application Layer
Desynchronization using Opportunistic TLS (boo#1246165)
The industry is deprecating STARTTLS (aka opportunistic TLS) in favor of
implicit TLS over a dedicated port. STARTTLS is now disabled by default.
* Fixed issue #5477: master: tighten up pidfile/etc handling (boo#1241543)
VUL-0: cyrus-imapd: privilege drop happens too late, opening attack vectors from cyrus to root
* Fixed issue #5450: fix zoneinfo_db code for GCC 15 (thanks Yadd)
* Fixed issue #5309: deadlock on shutdown (thanks Mark Cammidge)
* Fixed issue #5424: recognise service-specific SASL options in
``cyr_info conf-lint``
* Fixed issue #5420: fix double-free in http_admin (thanks Wolfgang Breyha)
* Fixed issue #5460: pop3d: add basic prometheus support (thanks Wolfgang
Breyha)
* Fixed issue #5454: httpd fails to parse OpenSSL version for status string

- update to version 3.8.5 (bugfix release)
* Fixed Issue #5029: check for unexpected extra tiny-tests directories
* Fixed Issue #5148: added --enable-release-checks configure option for use when building releases
* Fixed Issue #4489: calendar-color "changes" namespace
* Fixed Issue #5009: various portability warnings and nits
* Fixed Issue #5050: iTIP line endings
* Fixed Issue #5052: iMIP line endings
* Fixed Issue #5072: http_cgi use after free
* Fixed Issue #5094: httpd crash when PROPFIND url is /dav/calendars
* Fixed Issue #5118: broken language checks for "zr-hant" and "sr-me"
* Fixed Issue #5047: proxying UID SEARCH
- rebased patches:

- CVE-2025-23394: cyrus-imapd: daily-backup.sh allows escalation from cyrus to root (boo#1241536)
Adapt backup-cyrus.service to run as user cyrus:mail