Randomize SCM_REVISION address in firmware

[andrewkozlik]

Implements https://github.com/satoshilabs/trezor-firmware/issues/189.
Replaces https://github.com/satoshilabs/trezor-firmware/pull/190.

Problem

When a firmware update is loaded onto a fake Trezor device, a malicious bootloader may automatically extract the revision ID of the firmware update. The malicious firmware on the device may then use the extracted revision ID to convince Suite that the firmware was successfully updated when in fact the malicious firmware is running on the device all along. This PR makes it difficult to automatically find the firmware revision ID in the firmware binary file by randomizing the address of the SCM_REVISION string in the firmware binary. (The address randomization is deterministic so that deterministic builds are preserved.)

Solution

1. I defined SCM_REVISION as a global symbol in a separate file core/embed/util/scm_revision/scm_revision.c, so that it will be placed into a distinct object file separate from all other symbols and constants which could otherwise be used to easily locate it.
2. In SConscript.firmware I shuffle the list of object files deterministically based on the value of SCM_REVISION itself. Based on observation of the resulting binary files, this results in the linker shuffling the strings in the firmware binary.

   random.Random(SCM_REVISION).shuffle(obj_program)

[github-actions]

core UI changes	device test	click test	persistence test
T2T1 Model T	test(screens) main(screens)	test(screens) main(screens)	test(screens) main(screens)
T3B1 Safe 3	test(screens) main(screens)	test(screens) main(screens)	test(screens) main(screens)
T3T1 Safe 5	test(screens) main(screens)	test(screens) main(screens)	test(screens) main(screens)
All	main(screens)