@masrlinu masrlinu commented Nov 13, 2025

Description of changes

Re-enable the Broadcom wl (broadcom-sta) WiFi/Bluetooth driver that was removed in PR #1580, and add an option to disable it for users who prefer not to use the vulnerable driver (for example because they replaced it with a USB Wi-Fi adapter due to the security issue).
By default, the Broadcom driver is enabled, so that affected devices regain working Wi-Fi.
The driver is included via an overridden broadcom_sta package with cleared meta.knownVulnerabilities, which avoids evaluation failures while keeping the module functional.
Tested on a MacBook Air 6,2.

Things done
  • Tested the changes in my own NixOS Configuration on a MacBook Air 6.2
  • Tested the changes end-to-end on a MacBook Air 6.2 by using my fork of nixos-hardware and
    importing it via <nixos-hardware> or Flake input
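
The mechanism the description above outlines, as an added example that is not part of the original comment and not the PR's code: a NixOS module that loads the overridden `broadcom_sta` package only when an opt-in option is set. The option name `hardware.broadcomWl.enable`, the way the override is written, and the warning text are assumptions made for illustration.

```nix
# Added example (not the PR's code). `hardware.broadcomWl.enable` is a
# hypothetical option name; nothing on the page states the real one.
{ config, lib, ... }:

let
  cfg = config.hardware.broadcomWl;

  # The same kernel module package, with the vulnerability marker cleared so
  # that evaluation does not abort. This hides the marker; it does not patch
  # the driver. How the PR writes its override is not shown on the page.
  broadcomSta = config.boot.kernelPackages.broadcom_sta.overrideAttrs (old: {
    meta = (old.meta or { }) // { knownVulnerabilities = [ ]; };
  });
in
{
  # mkEnableOption defaults to false, so the driver is only built and loaded
  # when a user opts in explicitly.
  options.hardware.broadcomWl.enable = lib.mkEnableOption
    "the out-of-tree Broadcom wl (broadcom-sta) driver, which is marked as having known vulnerabilities";

  config = lib.mkIf cfg.enable {
    boot.kernelModules = [ "wl" ];
    boot.extraModulePackages = [ broadcomSta ];

    # Keep the opt-in visible on every rebuild, since the evaluation-time
    # check was silenced by the override above.
    warnings = [
      "hardware.broadcomWl.enable is set: broadcom_sta is marked in nixpkgs as having known vulnerabilities."
    ];
  };
}
```

Defined once and imported by each hardware profile that needs it, a module like this keeps the default off while letting users with affected devices set the option to `true` in their own configuration.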

@pyrox0
Member

pyrox0 commented Dec 4, 2025

If this is insecure, it should be disabled by default.

@masrlinu
Author

masrlinu commented Dec 5, 2025

Ok, I disabled it by default.
By the way, I personally keep it enabled since it is only exploitable by people in direct WiFi range. Last time I was at a hacker meetup, I told them that I was on their WiFi using the broadcom driver, which has this vulnerability, but nothing happened after hours of surfing 😅 I doubt my neighbors at home would be any more dangerous 😄

@Mic92
Member

Mic92 commented Dec 8, 2025

@masrlinu can you share this option with all modules instead of copying it?

@masrlinu
Author

> @masrlinu can you share this option with all modules instead of copying it?

I don't have much experience with nixos-hardware. This is my first PR. Do you mean a change like this?
