also point nixpkgs-unstable at HEAD of a PR with a cryptography upgrade
I tried just overriding the upgrade into place, but it results in infinite
recursion, I suppose because cryptography is a dependency of some of the build
tools and needs extra handling that I don't feel like figuring out for this
short-term hack. Someday the upgrade will land in nixpkgs master and we can
switch back.
It does the necessary overrides for stopping doc builds and excluding certain
inputs and outputs. We can't just set `dontBuildDocs` in the derivation
because that's not a setting recognized by the Nixpkgs Python build system.