Bump Bison version because Bison 3.0 doesn't build with newer glibc versions

[pablolh]

The Bison parser generator version required by libqasm and tree-gen is 3.0 or newer. When such Bison is not present on the system, the source for Bison 3.0 is downloaded and built by calling CMake.

Github actions use the Bison in container quay.io/pypa/manylinux2014_x86_64, which is 3.0.4. No newer bison can be installed directly from the repos in that container.

The issue with Bison 3.0 is that

• it is very old (from 2013). It also has some potential security vulnerabilities, although those don't apply to our use case since the input to Bison is fixed for OpenQL;
• and most importantly, it doesn't build with newer glibc, like glibc 2.28, from 2018. This gives a compile error similar to what is experienced here https://github.com/ARM-software/arm-enterprise-acs/issues/73. For reference, glibc 2.28 is present on the servers of TU Delft's QCE department on which I work. Bumping to Bison 3.8 fixes the compilation issue.

I suggest bumping the Bison required version to 3.8, unfortunately that requires building it from source in the CI, as long as we keep the same manylinux 2014 container, which can increase the build time.

Alternatively, I will look into adding an extra repo with Bison 3.8 in the workflow files, so that Bison doesn't have to be built in the CI.

[divinity76]

fwiw a patch to get bison to build on newer glibc is available at https://raw.githubusercontent.com/rdslw/openwrt/e5d47f32131849a69a9267de51a30d6be1f0d0ac/tools/bison/patches/110-glibc-change-work-around.patch

(bison version should absolutely be bumped, but until then..)