Is it actually as bad as it looks?
I did a bit of searching and found this (on the Turnkey Linux site) :
The Debian security team will be providing backported security updates for PHP7.0 for one year after the next Debian release (10/Buster) becomes stable (and 9/Stretch becomes “oldstable”) - almost certainly some time in 2020. So we have at least another year of “Security Team” support. Even after that, Debian support will continue. Once the “Security team support” finishes, the responsibility of maintenance of PHP7.0 on Debian 9/Stretch will move to the the LTS team and support will continue until June 2022.
So while PHP7.1, 7.2 and 7.3 bring some small further performance and feature improvements that I won’t have (but won’t really miss), I think I’ll stop worrying about 7.0 being officially EOL, at least for another year.