Unfortunately this requires a crazy hack to support building with
Google's proprietary Widevine DRM technology as that requires fetching
the Google Chrome sources (see also 86ff1e4).
The hack is required because ungoogled-chromium doesn't always use tags
that correspond to a Google Chrome release.

Motivation for this change

@squalus I noticed that the latest ungoogled-chromium broke my update script. This PR should work (not tested though) but the implementation sucks... :o Maybe you have a better idea what to do here (feel free to replace my PR)?

Some other approaches I could think of:

• Stop supporting DRM for ungoogled-chromium
  • There are known users of that combination but since Widevine is a proprietary DRM technology from Google it might be for the best to not even allow it. But then again I can understand why people need Widevine... But maybe they could use Chromium for that.
  • Also: The obligatory fuck DRM (why do we have such stupid shit...):
    https://social.primeos.dev/notice/A1r2eAhOl893jAnbNY
• Check if it's possible to fetch an official build of Google Chrome 88.0.4324.104
• Ignore the first ungoogled-chromium release for a new major version (the rest of the releases seem to match Google Chrome / Chromium stable channel releases)

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.