Add curl to shell buildInputs for HTTPS transport
The wrapped-cabal writeShellApplication includes curl as a runtimeInput, but that only puts curl on PATH when the wrapper script itself runs. In the -env container scripts (which source $stdenv/setup to construct PATH from buildInputs/nativeBuildInputs), curl is NOT on PATH for other programs. This breaks GHC CI builds: GHC's Makefile bootstraps its own stage0 cabal (debug build, no native TLS) which then needs curl on PATH to download packages from Hackage over HTTPS. Without curl available, it fails with Cabal-7113. Fix: add curl directly to buildInputs/nativeBuildInputs in dynamic.nix, static.nix, and cross-js.nix so it's always available on PATH regardless of how the environment is sourced.
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&s=80)
