check-meta: add allowBrokenPredicate (#340081)

## Installing broken packages {#sec-allow-broken}

There are two ways to try compiling a package which has been marked as broken.

There are several ways to try compiling a package which has been marked as broken.

-   For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:

    $ export NIXPKGS_ALLOW_BROKEN=1

    ```

-   For permanently allowing broken packages to be built, you may add `allowBroken = true;` to your user's configuration file, like this:

-   For permanently allowing broken packages that match some condition to be built, you may add `allowBrokenPredicate` to your user's configuration file with the desired condition, for example:

    ```nix

    {

      allowBrokenPredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "hello" ];

    }

    ```

-   For permanently allowing all broken packages to be built, you may add `allowBroken = true;` to your user's configuration file, like this:

    ```nix

    { allowBroken = true; }

  isMarkedBroken = attrs: attrs.meta.broken or false;

  # Allow granular checks to allow only some broken packages

  # Example:

  # { pkgs, ... }:

  # {

  #   allowBroken = false;

  #   allowBrokenPredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "hello" ];

  # }

  allowBrokenPredicate = config.allowBrokenPredicate or (x: false);

  hasDeniedBroken =

    attrs: (attrs.meta.broken or false) && !allowBroken && !allowBrokenPredicate attrs;

  hasUnsupportedPlatform = pkg: !(availableOn hostPlatform pkg);

  isMarkedInsecure = attrs: (attrs.meta.knownVulnerabilities or [ ]) != [ ];

        reason = "non-source";

        errormsg = "contains elements not built from source (‘${showSourceType attrs.meta.sourceProvenance}’)";

      }

    else if !allowBroken && attrs.meta.broken or false then

    else if hasDeniedBroken attrs then

      {

        valid = "no";

        reason = "broken";