python3: upgrade 3.10.16 -> 3.10.18

Drop upstreamed patch and refresh remaining patches.

* https://www.python.org/downloads/release/python-31017/

  Security content in this release
  * gh-131809: Upgrade vendored expat to 2.7.1
  * gh-80222: Folding of quoted string in display_name violates RFC
  * gh-121284: Invalid RFC 2047 address header after refolding with
    email.policy.default
  * gh-131261: Update libexpat to 2.7.0
  * gh-105704: CVE-2025-0938 urlparse does not flag hostname containing
    [ or ] as incorrect
  * gh-119511: OOM vulnerability in the imaplib module

* https://www.python.org/downloads/release/python-31018/

  Security content in this release
  * gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
    [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
    tarfile extraction filters (filter="data" and filter="tar") to be
    bypassed using crafted symlinks and hard links.
  * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
    non-“strict” error handler.
  * gh-128840: Short-circuit the processing of long IPv6 addresses early
    in ipaddress to prevent excessive memory consumption and a minor
    denial-of-service.

gh-133767 got meawhile CVE-2025-4516 assigned.

(From OE-Core rev: 838a8b5ca148dfa6c6c2c76f1705d1e358a31648)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/python/python3/avoid_warning_about_tkinter.patch

@@ -18,7 +18,7 @@ diff --git a/setup.py b/setup.py
 index 11b5cf5..2be4738 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -1895,8 +1895,8 @@ class PyBuildExt(build_ext):
+@@ -1902,8 +1902,8 @@ class PyBuildExt(build_ext):
          self.detect_decimal()
          self.detect_ctypes()
          self.detect_multiprocessing()