Vulnerable needrestart custom package

TPA deploys a custom needrestart package that adds a metrics export feature.

Unfortunately the version this package is based on is vulnerable to a serious privilege-escalation issue: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

A fix has been released already by the Debian security team: https://tracker.debian.org/news/1586426/accepted-needrestart-36-4deb12u2-source-into-stable-security/

We need to fix our own package to ship the security patches.