This adds a directory for us to store patches we need to apply during build -- I've copied the "no CBQ" patch we've already been applying, and a new "sha1_process_block64_shaNI.patch" which applies a patch for our new non-x86 build failures.
I've also added a README to the new patches directory to make it clear what types of patches are appropriate/acceptable (perhaps more accurately, why almost all patches are *not* acceptable).
This changes the build context for our rootfs builds to be the root of the repository so we don't have to muddy our template-applying code with which patches to copy and can instead maintain that in the template itself (and skip the entire "patch applying" block of code when there are no patches to apply).