package/python3: add upstream security fix for CVE-2022-45061

Fixes the following security issue:

CVE-2022-45061: An issue was discovered in Python before 3.11.1.  An
unnecessary quadratic algorithm exists in one path when processing some
inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably
long name being presented to the decoder could lead to a CPU denial of
service.  Hostnames are often supplied by remote servers that could be
controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an
attacker-supplied supposed hostname.  For example, the attack payload could
be placed in the Location header of an HTTP response with status code 302.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>