
build(deps): bump Go from 1.25.5 to 1.25.7#1980

Merged: TerryHowe merged 2 commits into oras-project:main from TerryHowe:bump-go-1.25.7 on Feb 18, 2026

Conversation

@TerryHowe

Member

Summary

  • Bumps Go toolchain from 1.25.5 to 1.25.7 across go.mod, test/e2e/go.mod, Dockerfile, and release-github.yml
  • Addresses GHSA-mwr6-mfr3-mcv5 by fixing all 6 reported stdlib CVEs:
| CVE | Severity | Description |
| --- | --- | --- |
| CVE-2025-68121 | CRITICAL | Unexpected session resumption in crypto/tls |
| CVE-2025-58183 | HIGH | Unbounded allocation parsing GNU sparse map (archive/tar) |
| CVE-2025-61726 | HIGH | Memory exhaustion in net/url query parameter parsing |
| CVE-2025-61728 | HIGH | Excessive CPU in archive/zip index building |
| CVE-2025-61729 | HIGH | DoS via crafted x509 certificates |
| CVE-2025-61730 | HIGH | TLS 1.3 handshake record issue |

Test plan

  • All unit tests pass with Go 1.25.7
  • Build succeeds for darwin/arm64
  • CI build and test workflow passes

Commit 1:

Addresses GHSA-mwr6-mfr3-mcv5 by upgrading the Go toolchain to 1.25.7,
which fixes 6 stdlib CVEs including critical CVE-2025-68121.

Signed-off-by: Terry Howe <terrylhowe@gmail.com>

Commit 2:

Missed updating test/e2e/go.work which caused the e2e tests and CodeQL
analysis to fail due to go.work listing go 1.25.5 while modules require
go 1.25.7.

Signed-off-by: Terry Howe <terrylhowe@gmail.com>
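The second commit shows how a toolchain bump can miss one of the files the summary lists. As an added example, not the project's own tooling, this POSIX sh script collects every Go version declaration from those files and fails when any of them disagree; the repository layout and the fixture it builds are assumptions.

```shell
#!/bin/sh
# Added example, not code from the oras project: list every file that pins a Go
# toolchain version and flag any that disagree with the expected one, so a bump
# (1.25.5 -> 1.25.7) cannot silently skip a file the way test/e2e/go.work did.
# Assumed layout, from the PR description: go.mod, test/e2e/go.mod,
# test/e2e/go.work, Dockerfile and .github/workflows/release-github.yml.
WORKFLOW=.github/workflows/release-github.yml

# Print "<file> <version>" for each Go version declaration under directory $1.
go_versions() {
  for f in go.mod test/e2e/go.mod test/e2e/go.work; do
    # the "go 1.25.7" directive of a go.mod / go.work file
    if [ -f "$1/$f" ]; then awk -v f="$f" '$1=="go"{print f, $2}' "$1/$f"; fi
  done
  if [ -f "$1/Dockerfile" ]; then
    # FROM ...golang:1.25.7-alpine ... -> "Dockerfile 1.25.7"
    sed -n 's/^FROM .*golang:\([0-9][0-9.]*\).*/Dockerfile \1/p' "$1/Dockerfile"
  fi
  if [ -f "$1/$WORKFLOW" ]; then
    # go-version: '1.25.7' (quotes optional) -> "<workflow path> 1.25.7"
    sed -n "s|^[[:space:]]*go-version:[[:space:]]*['\"]\{0,1\}\([0-9][0-9.]*\).*|$WORKFLOW \1|p" "$1/$WORKFLOW"
  fi
}

# Return 0 when every declaration under $1 equals $2; otherwise print the
# offending "<file> <version>" lines to stderr and return 1.
check_go_versions() {
  bad=$(go_versions "$1" | awk -v want="$2" '$2 != want')
  if [ -n "$bad" ]; then
    printf 'Go version mismatch, expected %s:\n%s\n' "$2" "$bad" >&2
    return 1
  fi
  return 0
}

# Constructed fixture (not the real repository): a tree bumped to 1.25.7
# everywhere except test/e2e/go.work, which gets the version passed as $1.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/test/e2e" "$d/.github/workflows"
  printf 'module example.com/app\n\ngo 1.25.7\n' > "$d/go.mod"
  printf 'module example.com/app/test/e2e\n\ngo 1.25.7\n' > "$d/test/e2e/go.mod"
  printf 'go %s\n\nuse .\n' "$1" > "$d/test/e2e/go.work"
  printf 'FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.25.7-alpine AS builder\n' > "$d/Dockerfile"
  printf "      - uses: actions/setup-go@v5\n        with:\n          go-version: '1.25.7'\n" > "$d/$WORKFLOW"
  echo "$d"
}

stale=$(make_fixture 1.25.5); check_go_versions "$stale" 1.25.7 || echo "caught the stale go.work"
good=$(make_fixture 1.25.7); check_go_versions "$good" 1.25.7 && echo "all declarations agree"
rm -rf "$stale" "$good"
```

Run it from the repository root with `check_go_versions . 1.25.7` in CI so a partial bump fails before the e2e and CodeQL jobs do.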
@codecov

codecov Bot commented Feb 16, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.14%. Comparing base (dd045e9) to head (e08de1e).
⚠️ Report is 1 commit behind head on main.

@@            Coverage Diff             @@
##             main    #1980      +/-   ##
==========================================
- Coverage   87.21%   87.14%   -0.08%     
==========================================
  Files         143      143              
  Lines        5539     5539              
==========================================
- Hits         4831     4827       -4     
- Misses        421      425       +4     
  Partials      287      287              


@sabre1041 sabre1041 left a comment

Contributor


LGTM

@bupd bupd left a comment

Contributor


/lgtm

@TerryHowe TerryHowe merged commit 86d6d51 into oras-project:main Feb 18, 2026
9 checks passed
@TerryHowe TerryHowe deleted the bump-go-1.25.7 branch February 18, 2026 00:11
TerryHowe added a commit to TerryHowe/oras that referenced this pull request Mar 4, 2026
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
4 participants