xen: mark unsupported versions as vulnerable

Our support for Xen lacks maintenance and since Xen has monthly security
advisories it is reasonable to assume our version is affected by a
multitude of security problems that are fixed upstream.

How many advisories? Browsing oss-security shows the following number of
advisories in each of the following years:

2022: 3
2021: 53
2020: 54
2019: 46 <-- we are *here*

https://xenbits.xen.org/docs/unstable/support-matrix.html
Martin Weinelt 2022-01-25 13:46:22 +01:00
parent a147b46130
commit 39341ed38b
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759

@ -254,5 +254,9 @@ stdenv.mkDerivation (rec {
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ eelco tstrobel oxij ];
license = lib.licenses.gpl2;
# https://xenbits.xen.org/docs/unstable/support-matrix.html
knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [
"This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
];
} // (config.meta or {});
} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ])
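
Review bot: the `"4.13"` cutoff in the `lib.versionOlder version "4.13"` condition is a hard-coded snapshot of the upstream support matrix, so it will go stale without notice as further releases lose security support. Consider extending the comment above `knownVulnerabilities` to say that the bound has to be raised whenever the matrix changes, and on what date it was last checked. Separately, because the attribute is set before `} // (config.meta or {});`, and `//` replaces attributes rather than merging lists, any per-version `config.meta` that defines its own `knownVulnerabilities` would drop the end-of-life entry; concatenating the two lists would keep both.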