Upgrade ASK kernel base to Linux 6.18.30

Move the custom ASK/NXP kernel build from lf-6.18.2-1.0.0 toward
the upstream stable 6.18.y baseline, currently 6.18.30.

This pulls in upstream stable fixes, including the BPF verifier fix needed
by Cilium. The previous 6.18.2-based kernel triggered:

  verifier bug: REG INVARIANTS VIOLATION (false_reg1)
  reg_bounds_sanity_check()
  bpf_prog_load()
  cilium-agent

The issue is no longer reproduced on 6.18.30 after fresh boot:
Cilium 1.19.2 reports healthy, BPF datapath is active, all controllers are
healthy, cluster health is reachable, and dmesg no longer shows the verifier
warning.

Refresh affected ASK upstream patch splits:
- add bridge br_input patch
- refresh xfrm policy/state patches
- update package/kernel build inputs for 6.18.30

docker/ask.Dockerfile

@@ -13,7 +13,7 @@ RUN git config --global user.email "monok8s@localhost" && \
 WORKDIR /src
 
 ARG AARCH64_MUSL_CC_TAR
-ARG NXP_TAR
+ARG NXP_KERNEL_TAR
 ARG MONO_ASK_TAR
 ARG LIBNFNETLINK_TAR
 ARG LIBMNL_TAR
@@ -33,7 +33,7 @@ ARG LIBNFCT_VERSION
 COPY "${AARCH64_MUSL_CC_TAR}"  ./aarch64_musl_cc.tar.gz
 
 # Linux kernel
-COPY "${NXP_TAR}"		  ./kernel.tar.gz
+COPY "${NXP_KERNEL_TAR}"		  ./kernel.tar.gz
 
 # Copy the ASK deps
 COPY "${MONO_ASK_TAR}"	 ./mono-ask.tar.gz

docker/download-packages.Dockerfile

@@ -204,13 +204,14 @@ RUN fetch-artifact \
 
 # ---- nxp linux ----
 FROM base AS nxp_linux
-ARG NXP_VERSION
-ARG NXP_TAR
+ARG NXP_KERNEL_VERSION
+ARG NXP_KERNEL_TAR
+ARG NXP_KERNEL_URL
 WORKDIR /out/nxp/kernel
 RUN fetch-artifact \
-        "${NXP_TAR}" \
-        "${NXP_VERSION}.tar.gz" \
-        "https://github.com/nxp-qoriq/linux/archive/refs/tags/${NXP_VERSION}.tar.gz"
+		"${NXP_KERNEL_TAR}" \
+		"${NXP_KERNEL_VERSION}.tar.gz" \
+		"${NXP_KERNEL_URL}"
 
 # ---- crio ----
 FROM base AS crio