pkg/grub: migrate to GRUB 2.12

[rucoder]

Description

Upgrade the EVE GRUB package from 2.02 and 2.06 to 2.12 for all three architectures (amd64, arm64, riscv64) using a single unified patch set.

2.12 is used by many modern distros

All patches were traced back to their original authors in https://github.com/coreos/grub and restored accordingly. The CoreOS-originated commits map as follows:

• coreos/grub@f69a9e0 — gpt: start new GPT module (Michael Marineau)
• coreos/grub@508b02f — gpt: new gptprio.next command for selecting priority based partitions (Michael Marineau)
• coreos/grub@67475f5 — gpt: add search by partition label and uuid commands (Michael Marineau)
• coreos/grub@1545295 — gpt: add search by disk uuid command (Alex Crawford)

This gives a future porter a direct breadcrumb trail: they can git log those 4 coreos hashes and see exactly what upstream they need to diff against when targeting GRUB 2.14.

Key changes:

• All archs now build from GRUB_COMMIT=grub-2.12 with a single patches-2.12/ directory — no arch-specific patch dirs needed
• 15 shared patches carry forward all EVE-specific features: gptprio A/B boot selection, measurefs TPM measurement, dt-fixup EFI protocol, getenv EFI variable reader, probe-partuuid, watchdog-style menu timeout, search_part_{label,uuid,disk_uuid} modules
• Includes the TPM status code improvement from pkg/grub: include EFI status code in "unknown TPM error" message #5708 (raw EFI status hex in "unknown TPM error" messages) — that PR can be closed once this lands
• Removed legacy patch folders: patches/, patches-2.06/, patches-aarch64-2.06/, patches-riscv64-2.06/
• coreutils added to base BUILD_PKGS (gnulib bootstrap needs join)
• GNULIB_REVISION updated to match grub-2.12's bootstrap.conf
• Removed modules that no longer exist in 2.12: linuxefi (merged into generic linux), verify, gcry_sha256 as standalone
• Added search_part_uuid to GRUB_MODULES_PORT (all archs); added getenv to arm64 GRUB_MODULES

GRUB 2.12 API compatibility fixes applied to our patches:

• grub_efi_guid_t → grub_guid_t (type renamed in 2.12)
• grub_efi_get_variable() gained a void ** output parameter
• efi_call_4() removed from 2.12; replaced with direct function pointer calls in fdt.c (fdt.module is only built for arm/riscv EFI, not x86, which is why this only surfaced on those targets)

Why riscv64/arm64 arch-specific patch dirs are empty:

• riscv64 Linux loader patch: superseded by the generic loader/efi/linux.c introduced in 2.12 (handles all EFI archs)
• riscv64 binutils 2.38 patch: upstreamed in 2.12
• arm64 search patch: covered by the shared separate-file search_part_* modules
• dt-fixup and cmddevice: moved to shared patches

How to test and validate this PR

Build the grub package for all three architectures:

make pkg/grub
make ZARCH=arm64 pkg/grub
make ZARCH=riscv64 pkg/grub

All three should complete with Build complete.

Boot an amd64 device or QEMU image and verify:

• gptprio A/B partition selection works
• measurefs extends PCR correctly with a TPM present
• GRUB version shown at boot is 2.12

Tested: Docker build verified for amd64, arm64, riscv64. Boot tested on amd64 QEMU — system boots normally, gptprio selects correct partition.

Changelog notes

Upgraded GRUB bootloader from version 2.06 to 2.12 for all supported architectures (amd64, arm64, riscv64).

PR Backports

• 16.0-stable: No
• 14.5-stable: No
• 13.4-stable: No

Checklist

• I've provided a proper description

• I've added the proper documentation

• I've tested my PR on amd64 device

• I've tested my PR on arm64 device

• I've written the test verification instructions

• I've set the proper labels to this PR

• I've checked the boxes above, or I've provided a good reason why I didn't
  check them.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 29.87%. Comparing base (2281599) to head (bcb52e6).
⚠️ Report is 376 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #5710       +/-   ##
===========================================
+ Coverage   19.52%   29.87%   +10.34%     
===========================================
  Files          19       18        -1     
  Lines        3021     2417      -604     
===========================================
+ Hits          590      722      +132     
+ Misses       2310     1549      -761     
- Partials      121      146       +25     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[eriknordmark]

Kick off tests