python27: fix CVE-2021-23336

From the archive `python-gentoo-patches-2.7.18_p8.tar.xz` found at
https://dev.gentoo.org/~mgorny/dist/python/, I copied
`0024-3.6-bpo-42967-only-use-as-a-query-string-separator-G.patch`.

pkgs/development/interpreters/python/cpython/2.7/default.nix

@@ -123,6 +123,8 @@ let
 
       ./CVE-2021-3177.patch
 
+      ./CVE-2021-23336.patch
+
       # The workaround is for unittests on Win64, which we don't support.
       # It does break aarch64-darwin, which we do support. See:
       # * https://bugs.python.org/issue35523