git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
expat: upgrade 2.7.3 -> 2.7.4
author Peter Marko <peter.marko@siemens.com>
Sat, 31 Jan 2026 14:53:06 +0000 (15:53 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 4 Feb 2026 13:54:23 +0000 (13:54 +0000)
commit 45803eac7ea7d3a9dabdc7d85ed6853ccbdc2e52
tree 40b3a849793fc300c456470495d82c45ff32f213
parent 4c31a7b410fc9c14815c6853431c7bd56c0e173c
expat: upgrade 2.7.3 -> 2.7.4

Changelog [1]:
        Security fixes:
           #1131  CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
                    failed to copy the encoding handler data passed to
                    XML_SetUnknownEncodingHandler from the parent to the new
                    subparser. This can cause a NULL dereference (CWE-476) from
                    external entities that declare use of an unknown encoding.
                    The expected impact is denial of service. It takes use of
                    both functions XML_ExternalEntityParserCreate and
                    XML_SetUnknownEncodingHandler for an application to be
                    vulnerable.
           #1075  CVE-2026-25210 -- Add missing check for integer overflow
                    related to buffer size determination in function doContent

        Bug fixes:
           #1073  lib: Fix missing undoing of group size expansion in doProlog
                    failure cases
           #1107  xmlwf: Fix a memory leak
           #1104  WASI: Fix format specifiers for 32bit WASI SDK

        Other changes:
           #1105  lib: Fix strict aliasing
           #1106  lib: Leverage feature "flexible array member" of C99
           #1051  lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX
           #1109  lib|xmlwf: Return NULL instead of 0 for pointers
           #1068  lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC
           #1112  lib: Remove unused import
           #1110  xmlwf: Warn about XXE in --help output (and man page)
     #1102 #1103  WASI: Stop using getpid

... and additional docs/autotools/cmake/infrastructure changes

[1] https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/expat/expat_2.7.4.bb [moved from meta/recipes-core/expat/expat_2.7.3.bb with 92% similarity]
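
The CVE-2026-24515 entry in the changelog says an application is only vulnerable when it uses both XML_ExternalEntityParserCreate and XML_SetUnknownEncodingHandler. The following triage script is an added example, not part of this commit or of libexpat: it scans an application's C/C++ sources for calls to both functions and combines that with the expat version the image ships. The names `apis_called` and `triage`, the suffix list and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# The two libexpat entry points the changelog names for CVE-2026-24515.
SUBPARSER_API = "XML_ExternalEntityParserCreate"
ENCODING_API = "XML_SetUnknownEncodingHandler"
FIXED_VERSION = (2, 7, 4)  # release that carries the fix, per the changelog
SOURCE_SUFFIXES = {".c", ".h", ".cc", ".cpp", ".hpp"}
# Approximate comment stripping: a "//" inside a string literal is also cut.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def apis_called(source):
    """Return the subset of the two APIs that appear as calls outside comments."""
    code = COMMENT_RE.sub(" ", source)
    return {api for api in (SUBPARSER_API, ENCODING_API)
            if re.search(rf"\b{api}\s*\(", code)}


def triage(tree, expat_version):
    """Scan a source tree and combine API usage with the linked expat version."""
    sites = {SUBPARSER_API: [], ENCODING_API: []}
    for path in sorted(Path(tree).rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            for api in apis_called(path.read_text(errors="replace")):
                sites[api].append(path.relative_to(tree).as_posix())
    uses_both = all(sites.values())
    # Assumes an unpatched upstream release; a backported fix is not detected.
    version = tuple(int(part) for part in expat_version.split("."))
    fixed = version >= FIXED_VERSION
    return {"uses_both": uses_both, "fixed": fixed,
            "exposed": uses_both and not fixed, "sites": sites}


if __name__ == "__main__":
    # Constructed sample tree: the two calls live in different files.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src/entity.c").write_text(
            "XML_Parser sub = XML_ExternalEntityParserCreate(p, ctx, NULL);\n")
        (root / "src/setup.c").write_text(
            "/* XML_SetUnknownEncodingHandler(p, h, d); disabled */\n"
            "XML_SetUnknownEncodingHandler (parser, on_encoding, state);\n")
        for version in ("2.7.3", "2.7.4"):
            print(version, triage(root, version))
```

The scan only sees direct calls in C/C++ sources, so language bindings and wrappers that reach these functions indirectly need a separate check.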