package/xterm: security bump to version 366

Fixes the following security issue:

CVE-2021-27135: xterm through Patch #365 allows remote attackers to cause a
denial of service (segmentation fault) or possibly have unspecified other
impact via a crafted UTF-8 character sequence.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>