ci: upgrade nix awslc version #5805

Merged
CarolYeh910 merged 1 commit into aws:main from CarolYeh910:upgrade-nix-awslc
Mar 27, 2026
@CarolYeh910 CarolYeh910 commented Mar 25, 2026

Goal

Update the AWS-LC version used by nix in the CI

Why

PR #5772 changed the ML-DSA feature probe to detect a recently added API in AWS-LC. However, flake.lock is pinned to a specific aws-lc version, which predates the new API and caused the ML-DSA feature flag to be false. We may consider adding a CI check to ensure the AWS-LC version used by the CI is relatively up-to-date.

How

Run nix flake update locally and then commit the changes to flake.lock.

Callouts

flake.nix takes a dependency on Corretto21, which caused a nix error due to gradle-7.6.6. Based on NixOS/nixpkgs#459071, it looks like they don't plan to fix it. As suggested in the error output, we can add gradle-7.6.6 as an insecure package to work around this issue. Once corretto25 is put into nixpkgs, we can bump it.

Testing

All the CodeBuild jobs succeeded after I made these changes on PR #5772.

Related

3 CodeBuild jobs (GeneralBatch, Valgrind, and AddressSanitizer) rely on pre-built Docker containers. I've rebuilt the ubuntu22 and 24 images and updated the containers used in the CI. #5790

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
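One way the CI check suggested under "Why" could look, as an added example that is not part of this pull request or the project's code. It reads `flake.lock` and reports direct inputs whose pinned commit is older than a threshold; the function name `stale_inputs`, the input name `awslc`, the 90-day limit and the sample lock contents are assumptions made for illustration.

```python
import json
import time

# Constructed sample in flake.lock (version 7) layout; the input names, revs and
# timestamps are made up for illustration and are not the project's real lock file.
NOW = 1_774_000_000
SAMPLE_LOCK = json.dumps({
    "version": 7,
    "root": "root",
    "nodes": {
        "root": {"inputs": {"awslc": "awslc", "nixpkgs": "nixpkgs"}},
        "awslc": {"locked": {"type": "github", "owner": "aws", "repo": "aws-lc",
                             "rev": "0" * 40, "lastModified": NOW - 120 * 86400}},
        "nixpkgs": {"locked": {"type": "github", "owner": "NixOS", "repo": "nixpkgs",
                               "rev": "1" * 40, "lastModified": NOW - 10 * 86400}},
    },
})


def stale_inputs(lock_text, max_age_days, now=None, only=None):
    """Map each direct flake input whose pin is too old to its age in days.

    An input with no readable timestamp maps to None so the check fails closed.
    """
    lock = json.loads(lock_text)
    now = time.time() if now is None else now
    root = lock["nodes"][lock["root"]]
    stale = {}
    for name, target in root.get("inputs", {}).items():
        if only is not None and name not in only:
            continue
        if not isinstance(target, str):
            continue  # "follows" path: the pin belongs to another input
        # lastModified is the commit time of the locked rev, so this measures
        # how old the pinned source is, not when flake.lock was last touched.
        ts = lock["nodes"].get(target, {}).get("locked", {}).get("lastModified")
        if not isinstance(ts, int):
            stale[name] = None
        else:
            age = int((now - ts) // 86400)
            if age > max_age_days:
                stale[name] = age
    return stale


if __name__ == "__main__":
    found = stale_inputs(SAMPLE_LOCK, max_age_days=90, now=NOW)
    for name, age in found.items():
        print(f"stale flake input: {name} (pinned commit is {age} days old)")
    raise SystemExit(1 if found else 0)
```

In CI the lock text would come from the repository's `flake.lock`, and restricting `only` to the crypto library inputs keeps unrelated pins from failing the job.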

@github-actions github-actions bot added the s2n-core team label Mar 25, 2026
@kaukabrizvi kaukabrizvi left a comment

Could we create an issue to track:

Once corretto25 is put into nixpkgs, we can bump it.

Or at least a comment explaining why gradle-7.6.6 is included even though it is an insecure package.

@CarolYeh910 CarolYeh910 added this pull request to the merge queue Mar 27, 2026
Merged via the queue into aws:main with commit 81d7c0d Mar 27, 2026
59 checks passed
@CarolYeh910 CarolYeh910 deleted the upgrade-nix-awslc branch March 27, 2026 22:32