The broadcom-sta driver package is marked as insecure due to CVE-2019-9501
and CVE-2019-9502 (heap buffer overflow vulnerabilities allowing remote code
execution). The driver is also unmaintained and incompatible with modern
Linux kernel security mitigations.
Removed broadcom_sta from extraModulePackages and the corresponding "wl" kernel module.
This resolves test failures where Nixpkgs refuses to evaluate configurations
containing this insecure package.
