platform/kevin: bump kernel to version with wifi RCE fixes

This bumps the kernel version on gru-kevin to 5.10.148, which has
fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.

On all other platforms the ownerboot kernel is used only to kexec()
another long-lived kernel, and is therefore built without wifi
support and not vulnerable.

The gru-kevin laptop cannot use kexec() due to unfixable bugs in
mid-2010s versions of ARM's GICv3.

In some cases this bug can be worked around by having the
pre-kexec() kernel not fully initialize the GIC:

  https://lore.kernel.org/lkml/20180921195954.21574-1-marc.zyngier@arm.com/

Unfortunately this workaround leaves the gru-kevin's screen in a
glitchy state post-kexec() which makes the laptop mostly unusable.

src/platform/kevin/default.nix

@@ -39,7 +39,10 @@ in {
     platform_name = "kevin";
 
     kernel =
-      let version = "5.10.10"; in
+      let
+        version = "5.10.148";
+        hash = "sha256-ElI/a+IhBnCU7FQbGWvOcEk/f0TwMbPEcR2C4pDG6VY=";
+      in
       final.lib.makeOverridable (prev.kernel.override {
         config = ./linux.config;
         buildTargets = [ "Image" "dtbs" ];
@@ -47,8 +50,7 @@ in {
         inherit version;
         src = final.nixpkgsOnBuildForBuild.fetchurl {
           url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-          sha256 = "sha256-YO2Gb6lRUipSVeo37DrCAG0/NCfUeDoT70eEZPN82xk=";
-          # FIXME: add the patches
+          inherit hash;
         };
         postInstall = (a.postInstall or "") + ''
           lzma < arch/arm64/boot/Image > $out/Image.lzma