tags: add more unicode security references

Author: robUx4

cellar-tags/tags_security.md

@@ -6,7 +6,7 @@ Tag values can be either `TagString` or `TagBinary` blobs. In both cases issues
 
 Most of the time strings are kept as-is and don't pose a security issue, apart from invalid UTF-8 values.
 Implementations **MUST** validate `TagString` inputs for UTF-8 correctness and
-reasonable length before use, in accordance with the security considerations in [@!RFC3629, section 10].
+reasonable length before use, in accordance with the security considerations in [@!RFC3629, section 10] and [@!RFC9839, section 7].
 
 String tags that are parsed (such as "REPLAYGAIN_GAIN" or "REPLAYGAIN_PEAK" defined in (#technical-information)),
 string tags following the TagString formatting rules (#tagstring-formatting), or string tags following other strict formats like URLs,