...even for packages marked "broken".

Reflecting on #273781, our error handling should obviously take Ofborg into account, as well as try not to break interfaces that users outside nixpkgs might expect. One way to go could be:

• No throws, only meta.broken. Users can override meta.broken
• Broken packages shall still evaluate with allowBroken = true: they'll have a valid outPath, but their builds would always fail.
• In particular, when there's a src missing for a sourceProvenance = [ binaryNativeCode ] package (e.g. depending on the platform), we should set src to a valid fake value, e.g.null. In contrast, this fetchurl throws:

  nixpkgs/pkgs/development/cuda-modules/generic-builders/manifest.nix

  Lines 112 to 117 in 076fc3a

  	src = fetchurl {
  	url = "https://developer.download.nvidia.com/compute/${redistName}/redist/${
  	redistribRelease.${redistArch}.relative_path
  	}";
  	inherit (redistribRelease.${redistArch}) sha256;
  	};

• Optionally: prefer static structure for attribute sets when possible, cf. cudaPackages: keep unsupported attributes, mark unsupported, explain why #266475. This may also be related to recursion issues

@NixOS/cuda-maintainers