We used a feature branch for a hotfix to downgrade the kernel to
5.15.164. Go back to the default branch for 24.05.

For the next nixpkgs update, we can add reverts to nixos-24.05 until
we can update the kernel.

PL-132999

Pull upstream NixOS changes, security fixes and package updates:

- chromedriver: 128.0.6613.84 -> 128.0.6613.119
- chromium: 128.0.6613.84 -> 128.0.6613.119
- consul: 1.18.3 -> 1.18.4
- element-web: 1.11.75 -> 1.11.76
- firefox: 129.0.2 -> 130.0
- grafana: 10.4.7 -> 10.4.8
- haproxy: 2.9.7 -> 2.9.10 (CVE-2024-45506)
- imagemagick: 7.1.1-36 -> 7.1.1-38
- matomo_5: 5.0.2 -> 5.1.1
- matrix-synapse: 1.113.0 -> 1.114.0
- nss_latest: 3.102 -> 3.104
- php82: 8.2.21 -> 8.2.23
- php83: 8.3.9 -> 8.3.11
- prometheus: 2.53.1 → 2.54.1
- roundcube: 1.6.8 -> 1.6.9

Skip kernel (linux_5_15) updates from upstream by reverting 2 update
commits. We want to stay at 5.15.164 for now and update to 5.15.167 or
later (see PL-132971).

Additional package update by us:

- gitlab: 17.2.4 -> 17.2.5

PL-132999

This is caused by libolm used for e2ee which is an optional feature.

There's no fix in sight (libolm deprecated, no signs in lib-jitsi-meet
to move away from it) and the attacks are AFAIK for on the theoretical
side. I don't think that this should stop us from using Jitsi.

PL-132999