To do this, this commit does several things:
* Move the set-interpreter patching to outside the fixed-output
  derivation
* Patch base_pip3/BUILD.bazel, which ends up getting Python's full path
* Drop local_jdk, which contains symlinks to our jdk input
* Drop bazel_gazelle_go_repository_tools, which contains built artifacts
  using our go
...and updates the FOD hash to match. Checked that this appears to
remove the currently obvious FOD problems by checking out an older
nixpkgs commit and applying this on top, and verifying that the FOD hash
doesn't change between that older glibc and the current tip-of-tree.
This also disables tcmalloc on ARM because I couldn't get this to build
properly otherwise.
* Bumps brotli version to incorporate a fix for some GCC warnings which
  get promoted to errors.
* Switches from wee8 to WAMR because it's easier to make it build
  sensibly on a range of GCC versions that aren't just "whatever ships
  with Ubuntu LTS".
* Adds a patch for WAMR's build in Envoy because it won't build properly
  under Linux aarch64, since WAMR doesn't detect aarch64 unless it's on
  macOS.