Update Go dependencies to resolve critical and high-severity CVEs

[dennis-cf]

Upgrade golang.org/x/crypto to v0.36.0, golang.org/x/net to v0.38.0, golang.org/x/oauth2 to v0.27.0, and golang.org/x/sync to v0.12.0 to address CVE-2024-45337 (critical), CVE-2025-22869, CVE-2025-30204, CVE-2025-22868 (high), and CVE-2025-22870, CVE-2025-22872 (medium). All tests pass and the build is verified.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.85%. Comparing base (ee142a8) to head (3835228).
⚠️ Report is 98 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #536      +/-   ##
==========================================
- Coverage   48.75%   45.85%   -2.91%     
==========================================
  Files          25       28       +3     
  Lines        3222     3670     +448     
==========================================
+ Hits         1571     1683     +112     
- Misses       1477     1815     +338     
+ Partials      174      172       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.