enh(expat): Upgrade to expat 2.7.3

[matejk]

Summary

Upgrades the bundled expat XML parser library from 2.7.1 to 2.7.3.

Closes #5028

Security Fixes

This upgrade addresses the following security vulnerabilities:

CVE-2025-59375 (Fixed in 2.7.2)

• Severity: High (CVSS 7.5)
• Type: Resource allocation without limits (CWE-770)
• Impact: Denial of service through unrestricted memory allocation
• Fix: Implements tracking and limiting of dynamic memory allocations

CVE-2024-8176 improvements (2.7.3)

• The original fix for CVE-2024-8176 (stack overflow via nested entities) in 2.7.0 caused false reports for some malformed documents
• Expat 2.7.3 corrects this behavior

Changes

Library upgrade

• Updated all expat source files from 2.7.1 to 2.7.3
• Added new winconfig.h file included in 2.7.3

POCO-specific modifications updated for 2.7.3

The patched xmlparse.cpp includes:

• EXPAT_POCO mode for POCO-specific entropy using Poco::RandomInputStream
• C++ keyword fix - renamed operator parameter to op (C++ reserved keyword)
• C++ casts for all MALLOC, REALLOC, and malloc_fcn calls
• Excludes OS-specific entropy functions when using POCO entropy

Updated patch file

The xmlparse_poco.patch has been regenerated for the new expat version.