Update expat dependency

[stuartmorgan-g]

Our version of expat hasn't been updated in over a year, and is once again being flagged by security analysis tools. Based on discussion in #91384 it sounds like this is probably not an actual security issue the way we're using it (unless something has changed about our usage), but we should still roll it forward again.

(/cc @Hixie @jason-simmons @zanderso who were in involved in the previous roll, but I can drive this if there's not a better candidate.)

[Hixie]

Autorolling it would be ideal if there's any chance of that.

Am I wrong in saying we also have libxml2 in our binary somewhere?

[stuartmorgan-g]

I filed #114817 for an auto-roller; I'm not sure what the process for engine autorollers is, so someone with more familiarity there would be better to drive that.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.