Upgrade to Linux 4.19 with the Spectre v1 swapgs mitigations in Tails 3.16

We shipped 4.19.37-4 in 3.15. Since then, there was a security update for Buster (4.19.37-5+deb10u2) that mitigates the new Spectre v1 swapgs variant (CVE-2019-1125).

#16728 (closed) gave us 4.19.37-6 for free but it does not fix that security issue: sid instead got the fix via 5.2.7-1 (#16942 (closed)), which is probably too much of a change for our 3.16 bugfix release.

Feature Branch: bugfix/16970-spectre-v1-swapgs+force-all-tests

Related issues

Related to #16942 (closed)
Blocks #16209
Blocked by #16728 (closed)

Original created by @intrigeri on 16970 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information