Patch musl's CVE-2026-6042 and CVE-2026-40200

- [CVE-2026-6042] is a denial of service in `iconv`.
- [CVE-2026-40200] is an out-of-bounds write in `qsort`.

Neither is relevant to Rust itself, but they could be used in mixed-
language projects that link with our `self-contained/libc.a`.

[CVE-2026-6042]: https://www.openwall.com/lists/oss-security/2026/04/09/19
[CVE-2026-40200]: https://www.openwall.com/lists/musl/2026/04/10/3