Fix resources.arsc comparison in reproducible script

[BarbossHack]

First time contributor checklist

• I have read how to contribute to this project
• I have signed the Contributor License Agreement

Contributor checklist

• I am following the Code Style Guidelines
• I have tested my contribution on these devices:

• github action runner, ubuntu-latest

• My contribution is fully baked and ready to be merged as is
• I ensure that all the open issues my contribution fixes are mentioned in the commit message of my first commit using the Fixes #1234 syntax

---

Description

Lately, the reproducible build script has been failing due to a resources.arsc parsing error originating from the androguard AXML parser (first reported here: #14809 )

error logs

$ uv run apkdiff.py /tmp/tmp.qjpCgjrAFB/playstore-official/org.thoughtcrime.securesms/org.thoughtcrime.securesms.apk /tmp/tmp.qjpCgjrAFB/playstore-build/base-master.apk 

Comparing: 
        /tmp/tmp.qjpCgjrAFB/playstore-official/org.thoughtcrime.securesms/org.thoughtcrime.securesms.apk
        /tmp/tmp.qjpCgjrAFB/playstore-build/base-master.apk

Unzipping...
Comparing zip entry names...
Comparing zip entry contents...
Comparing AndroidManifest.xml...
[XmlDifference(diff_type='attribute', path='manifest/uses-sdk', attribute_name='{http://schemas.android.com/apk/res/android}minSdkVersion', first_value='32', second_value='23', child_tag=None)]
APKs differ on file AndroidManifest.xml! Files extracted to the mismatches/ directory.
APKs differ on file assets/dexopt/baseline.prof! Files extracted to the mismatches/ directory.
APKs differ on file classes3.dex! Files extracted to the mismatches/ directory.
Comparing resources.arsc (may take a while)...
We are out of bound with this complex entry. Count: 1208156160
We are out of bound with this complex entry. Count: 50331648
We are out of bound with this complex entry. Count: 134217787
We are out of bound with this complex entry. Count: 1536
We are out of bound with this complex entry. Count: 1536
We are out of bound with this complex entry. Count: 134217788
We are out of bound with this complex entry. Count: 16384
We are out of bound with this complex entry. Count: 222208
We are out of bound with this complex entry. Count: 134217788
We are out of bound with this complex entry. Count: 1283072
We are out of bound with this complex entry. Count: 134217789
We are out of bound with this complex entry. Count: 1024
We are out of bound with this complex entry. Count: 1024
We are out of bound with this complex entry. Count: 1024
We are out of bound with this complex entry. Count: 1536
We are out of bound with this complex entry. Count: 40103939
We are out of bound with this complex entry. Count: 40963331
We are out of bound with this complex entry. Count: 40050179
We are out of bound with this complex entry. Count: 40349187
We are out of bound with this complex entry. Count: 33491971
We are out of bound with this complex entry. Count: 276480
We are out of bound with this complex entry. Count: 1310720
We are out of bound with this complex entry. Count: 2432696319
We are out of bound with this complex entry. Count: 1536
We are out of bound with this complex entry. Count: 134217768
We are out of bound with this complex entry. Count: 33685503
We are out of bound with this complex entry. Count: 2048
We are out of bound with this complex entry. Count: 1536
We are out of bound with this complex entry. Count: 2
We are out of bound with this complex entry. Count: 1023606784
We are out of bound with this complex entry. Count: 471040
We are out of bound with this complex entry. Count: 50331656
We are out of bound with this complex entry. Count: 2048
We are out of bound with this complex entry. Count: 134217771
Traceback (most recent call last):
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/apkdiff.py", line 383, in <module>
    if compare(sys.argv[1], sys.argv[2]):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/apkdiff.py", line 60, in compare
    entry_contents = compare_entry_contents(zip1, zip2)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/apkdiff.py", line 122, in compare_entry_contents
    if entry_bytes_1 != entry_bytes_2 and not handle_special_cases(entry_info_1.filename, entry_bytes_1, entry_bytes_2):
                                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/apkdiff.py", line 146, in handle_special_cases
    return compare_resources_arsc(bytes1, bytes2)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/apkdiff.py", line 195, in compare_resources_arsc
    first_arsc = axml.ARSCParser(first_entry_bytes)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/.venv/lib/python3.12/site-packages/androguard/core/axml/__init__.py", line 1880, in __init__
    ate = ARSCResTableEntry(
          ^^^^^^^^^^^^^^^^^^
  File "/home/user/git/Signal-Android/reproducible-builds/apkdiff/.venv/lib/python3.12/site-packages/androguard/core/axml/__init__.py", line 3565, in __init__
    self.size = unpack('<H', buff.read(2))[0]
                ^^^^^^^^^^^^^^^^^^^^^^^^^^
struct.error: unpack requires a buffer of 2 bytes

androguard latest version v4.1.3 was published on PyPI more than one year ago, and since then many bugs have been fixed upstream in the https://github.com/androguard/androguard master branch. This PR updates the pyproject dependencies to point to the latest GitHub commit hash.

[BarbossHack]

Following my issue here androguard/axml#9 , androguard 4.1.4 has been published 👍 I will be able to update this PR in a few hours

[mtang-signal]

Thanks, this commit (for 4.1.3) should go out in 8.14!

[BarbossHack]

Androguard updated to v4.1.4, ready to merge 👍