Closed
Description
Right now litestream is marked as vulnerable because of CVE-2024-41254 (The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.)
There are 2 patches available for that which implement SSH host key pinning.
If these patches don't break existing setups then IMO it would be a good idea to include them and remove the vulnerability from meta.
CC @cideM
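The difference between accepting any host key and pinning one, as an added example that is not litestream's code or either of the patches mentioned in the issue. `hostKeyCheck` is a simplified stand-in for `ssh.HostKeyCallback`, and the keys and the host name `sftp.example.test` are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// hostKeyCheck stands in for ssh.HostKeyCallback (assumption: simplified signature).
type hostKeyCheck func(host string, keyBlob []byte) error

// ignoreHostKey models ssh.InsecureIgnoreHostKey(): every presented key is accepted.
func ignoreHostKey() hostKeyCheck { return func(string, []byte) error { return nil } }

// fingerprint returns the OpenSSH-style SHA256 fingerprint of a wire-format key blob.
func fingerprint(keyBlob []byte) string {
	sum := sha256.Sum256(keyBlob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// pinnedHostKey accepts only a key whose fingerprint equals the pinned value.
func pinnedHostKey(pinned string) hostKeyCheck {
	return func(host string, keyBlob []byte) error {
		got := fingerprint(keyBlob)
		if subtle.ConstantTimeCompare([]byte(got), []byte(pinned)) != 1 {
			return fmt.Errorf("host key mismatch for %s: got %s", host, got)
		}
		return nil
	}
}

// constructedKey builds a deterministic sample "ssh-ed25519" key blob (not a real host key).
func constructedKey(n byte) []byte {
	seed := sha256.Sum256([]byte{n})
	pub := ed25519.NewKeyFromSeed(seed[:]).Public().(ed25519.PublicKey)
	var blob []byte
	for _, f := range [][]byte{[]byte("ssh-ed25519"), pub} {
		blob = append(binary.BigEndian.AppendUint32(blob, uint32(len(f))), f...)
	}
	return blob
}

func main() {
	host, pin := "sftp.example.test", pinnedHostKey(fingerprint(constructedKey(1)))
	fmt.Println(ignoreHostKey()(host, constructedKey(2)), pin(host, constructedKey(1)), pin(host, constructedKey(2)))
}
```

With the real `golang.org/x/crypto/ssh` package, `ssh.FixedHostKey` or a `knownhosts` callback fills the role that `pinnedHostKey` plays here.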