
build(deps): reduce govulncheck findings in plugin/tool modules#6708

Open
mohammedfirdouss wants to merge 1 commit into pipe-cd:master from mohammedfirdouss:feat/fix-govulncheck-6600

Conversation

@mohammedfirdouss
Contributor

@mohammedfirdouss mohammedfirdouss commented Apr 23, 2026

What this PR does:
Updates vulnerable dependency chains in selected plugin/tool Go modules to reduce govulncheck findings tracked in #6600.

This PR bumps golang.org/x/crypto, golang.org/x/net, and google.golang.org/grpc where applicable, and includes transitive updates from go mod tidy in:

  • pkg/app/pipedv1/plugin/terraform
  • pkg/app/pipedv1/plugin/kubernetes_multicluster
  • tool/actions-gh-release

Why we need it:
These modules were still reporting non-stdlib vulnerabilities. Updating affected dependencies reduces the actionable set while preserving the project baseline and keeping the fix scoped.

Which issue(s) this PR fixes:

Refs #6600

Does this PR introduce a user-facing change?:

  • How are users affected by this change: No direct user-facing behavior change; this is a dependency/security maintenance update.
  • Is this breaking change: No
  • How to migrate (if breaking change): N/A

Validation:

  • Ran go mod tidy in each updated module.
  • Ran govulncheck -json ./... in each updated module.
  • Verified removed IDs from this pass:
    • GO-2025-4116
    • GO-2025-4134
    • GO-2025-4135
    • GO-2026-4440
    • GO-2026-4441
    • GO-2026-4762
  • Recomputed multi-module matrix and confirmed unique findings reduced from 33 to 27.

Update x/crypto, x/net, and grpc dependency chains in affected modules to address govulncheck findings tracked in pipe-cd#6600.

Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com>
@mohammedfirdouss mohammedfirdouss force-pushed the feat/fix-govulncheck-6600 branch from b2cb39a to 7f90e6e on April 23, 2026 08:36
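The validation steps above (govulncheck -json per module, then a multi-module matrix of unique findings and a list of IDs removed relative to the previous pass) are the kind of thing worth scripting so the numbers in a PR are reproducible. The Go program below is an added example and is not code from this PR or from pipe-cd. It decodes the govulncheck -json stream as I understand its format (a sequence of concatenated JSON objects; the "finding" object carries "osv" and a "trace" whose first frame is the vulnerable module, with standard-library findings reported under module "stdlib"), deduplicates by OSV id because one advisory yields module-, package- and symbol-level findings, separates stdlib from non-stdlib ids, unions the per-module sets into the matrix, and diffs against a baseline. The two sample streams, the placeholder ids, module versions and the baseline list are constructed for the example; the module names "terraform" and "actions-gh-release" are labels only, nothing here is read from the repository.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// Finding mirrors the "finding" object of a govulncheck -json stream (only the
// fields used here; json.Decoder ignores the rest such as package/function).
// One OSV id usually yields several findings, so always count distinct ids.
type Finding struct {
	OSV   string `json:"osv"`
	Trace []struct {
		Module string `json:"module"`
	} `json:"trace"`
}

// ParseFindings decodes a govulncheck -json stream, a sequence of concatenated
// JSON objects rather than an array. Objects without a "finding" key
// ("config", "progress", "osv") are skipped; a malformed object is an error.
func ParseFindings(r io.Reader) ([]Finding, error) {
	dec := json.NewDecoder(r)
	var out []Finding
	for {
		var m struct {
			Finding *Finding `json:"finding"`
		}
		if err := dec.Decode(&m); err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, fmt.Errorf("decode govulncheck stream: %w", err)
		}
		if m.Finding != nil {
			out = append(out, *m.Finding)
		}
	}
}

// IsStdlib reports whether the vulnerable frame (trace[0]) is in the standard
// library (module "stdlib"); those need a toolchain bump, not a go.mod change.
func IsStdlib(f Finding) bool {
	return len(f.Trace) > 0 && f.Trace[0].Module == "stdlib"
}

// UniqueIDs deduplicates findings by OSV id, optionally dropping stdlib ones.
// Passing every module's findings at once yields the multi-module matrix.
func UniqueIDs(findings []Finding, includeStdlib bool) []string {
	seen := map[string]bool{}
	for _, f := range findings {
		if f.OSV != "" && (includeStdlib || !IsStdlib(f)) {
			seen[f.OSV] = true
		}
	}
	ids := make([]string, 0, len(seen))
	for id := range seen {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	return ids
}

// Removed lists, in baseline order, the ids that no longer appear in current.
func Removed(baseline, current []string) []string {
	cur := map[string]bool{}
	for _, id := range current {
		cur[id] = true
	}
	var gone []string
	for _, id := range baseline {
		if !cur[id] {
			gone = append(gone, id)
		}
	}
	return gone
}

// Constructed sample streams with placeholder ids, modules and versions (not
// real advisories). The first one repeats an id at symbol level and adds a
// stdlib finding to exercise deduplication and the stdlib filter.
const streamTerraform = `{"osv":{"id":"GO-0000-0001","summary":"constructed placeholder entry"}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v0.0.2","trace":[{"module":"golang.org/x/crypto","version":"v0.0.1"}]}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v0.0.2","trace":[{"module":"golang.org/x/crypto","package":"golang.org/x/crypto/ssh","function":"Vuln"},{"module":"example.com/plugin","function":"main"}]}}
{"finding":{"osv":"GO-0000-0002","fixed_version":"go1.99.1","trace":[{"module":"stdlib","version":"go1.99.0"}]}}
`
const streamGHRelease = `{"finding":{"osv":"GO-0000-0003","fixed_version":"v1.0.1","trace":[{"module":"google.golang.org/grpc","version":"v1.0.0"}]}}
`

// BaselineIDs stands in for the non-stdlib ids recorded before the bump (constructed).
var BaselineIDs = []string{"GO-0000-0001", "GO-0000-0003", "GO-0000-0004"}

func main() {
	var all []Finding
	for name, s := range map[string]string{"terraform": streamTerraform, "actions-gh-release": streamGHRelease} {
		findings, err := ParseFindings(strings.NewReader(s))
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-20s non-stdlib %v, with stdlib %v\n", name, UniqueIDs(findings, false), UniqueIDs(findings, true))
		all = append(all, findings...)
	}
	matrix := UniqueIDs(all, false)
	fmt.Printf("matrix: %d unique ids %v, removed vs baseline %v\n", len(matrix), matrix, Removed(BaselineIDs, matrix))
}
```

In a real pass, each module's stream comes from `govulncheck -json ./...` run inside that module directory and the baseline is the matrix saved from the previous pass, so the "removed" list is exactly what a PR like this one should quote. Counting distinct ids rather than raw findings matters: a single advisory reachable through several call paths would otherwise inflate both the before and after numbers.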
@codecov

codecov Bot commented Apr 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 29.28%. Comparing base (fdec720) to head (7f90e6e).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6708      +/-   ##
==========================================
- Coverage   29.48%   29.28%   -0.21%     
==========================================
  Files         593      511      -82     
  Lines       63440    56946    -6494     
==========================================
- Hits        18706    16675    -2031     
+ Misses      43289    38951    -4338     
+ Partials     1445     1320     -125     
Flag                                                 Coverage   Δ
.                                                    23.27%     <ø> (-0.02%) ⬇️
.-pkg-app-pipedv1-plugin-analysis                    ?
.-pkg-app-pipedv1-plugin-ecs                         ?
.-pkg-app-pipedv1-plugin-kubernetes                  58.37%     <ø> (ø)
.-pkg-app-pipedv1-plugin-kubernetes_multicluster     61.90%     <ø> (ø)
.-pkg-app-pipedv1-plugin-scriptrun                   ?
.-pkg-app-pipedv1-plugin-terraform                   ?
.-pkg-app-pipedv1-plugin-wait                        ?
.-pkg-app-pipedv1-plugin-waitapproval                ?
.-pkg-plugin-sdk                                     50.34%     <ø> (ø)
.-tool-actions-gh-release                            ?
.-tool-actions-plan-preview                          ?
.-tool-codegen-protoc-gen-auth                       ?

Flags with carried forward coverage won't be shown.

@Warashi
Member

Warashi commented Apr 23, 2026

@mohammedfirdouss sorry, the snyk check has failed due to an unexpected error. Could you push an empty commit to re-run it?
