
@thaJeztah
Member

vendor: golang.org/x/sys v0.38.0

  • cpu: add HPDS, LOR, PAN detection for arm64
  • cpu: also use MRS instruction in getmmfr1
  • cpu: use MRS instruction to read arm64 system registers
  • unix: add consts for ELF handling
  • unix: add SetMemPolicy and its mode/flag values
  • unix: add SizeofNhmsg and SizeofNexthopGrp
  • windows: add iphlpapi routing functions

full diff: golang/sys@v0.37.0...v0.38.0

vendor: golang.org/x/sync v0.18.0

full diff: golang/sync@v0.17.0...v0.18.0

vendor: golang.org/x/term v0.37.0

vendor: golang.org/x/text v0.31.0

full diff: golang/text@v0.29.0...v0.31.0

vendor: golang.org/x/net v0.47.0

vendor: golang.org/x/crypto v0.45.0

full diff: golang/crypto@v0.44.0...v0.45.0

Hello gophers,

We have tagged version v0.45.0 of golang.org/x/crypto in order to address two
security issues.

This version fixes a vulnerability in the golang.org/x/crypto/ssh package and a
vulnerability in the golang.org/x/crypto/ssh/agent package which could cause
programs to consume unbounded memory or panic respectively.

SSH servers parsing GSSAPI authentication requests don't validate the number of
mechanisms specified in the request, allowing an attacker to cause unbounded
memory consumption.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58181 and Go issue https://go.dev/issue/76363.

SSH Agent servers do not validate the size of messages when processing new
identity requests, which may cause the program to panic if the message is
malformed due to an out of bounds read.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-47914 and Go issue https://go.dev/issue/76364.

Cheers, Go Security team

Signed-off-by: Sebastiaan van Stijn <[email protected]>
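Both issues in the advisory quoted above (an unvalidated mechanism count in GSSAPI authentication requests, and an unvalidated message size in SSH agent "add identity" requests) are instances of the same parsing mistake: trusting a count or length field from the peer before checking it against the bytes actually present. The Go program below is an added illustration of the defensive check and is not the golang.org/x/crypto code or its actual fix. The wire format (a uint32 big-endian length followed by that many bytes) is the SSH "string" encoding from RFC 4251; the `maxMechanisms` cap, the function names and the sample bytes are assumptions constructed for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example: bounds-checked parsing of SSH wire-format fields.
// Not the golang.org/x/crypto implementation.

var errShort = errors.New("message truncated")

// readUint32 consumes a 4-byte big-endian integer from b.
func readUint32(b []byte) (uint32, []byte, error) {
	if len(b) < 4 {
		return 0, nil, errShort
	}
	return binary.BigEndian.Uint32(b), b[4:], nil
}

// readString consumes a length-prefixed string. The declared length is
// compared with the bytes that remain before slicing, so a malformed
// length cannot cause an out-of-bounds read (and a panic).
func readString(b []byte) ([]byte, []byte, error) {
	n, rest, err := readUint32(b)
	if err != nil {
		return nil, nil, err
	}
	if uint64(n) > uint64(len(rest)) {
		return nil, nil, fmt.Errorf("string length %d exceeds remaining %d bytes", n, len(rest))
	}
	return rest[:n], rest[n:], nil
}

// maxMechanisms is an assumed, hypothetical policy cap on how many
// mechanism OIDs one request may carry.
const maxMechanisms = 16

// parseMechanismList parses "uint32 count" followed by count strings.
// Every element occupies at least 4 bytes on the wire, so a count larger
// than len(rest)/4 can never be satisfied; rejecting it before the
// allocation stops a peer-chosen count from driving unbounded memory use.
func parseMechanismList(b []byte) ([][]byte, error) {
	count, rest, err := readUint32(b)
	if err != nil {
		return nil, err
	}
	if count > maxMechanisms {
		return nil, fmt.Errorf("mechanism count %d exceeds limit %d", count, maxMechanisms)
	}
	if uint64(count) > uint64(len(rest))/4 {
		return nil, fmt.Errorf("mechanism count %d cannot fit in %d bytes", count, len(rest))
	}
	mechs := make([][]byte, 0, count) // safe: count is already bounded
	for i := uint32(0); i < count; i++ {
		var m []byte
		m, rest, err = readString(rest)
		if err != nil {
			return nil, fmt.Errorf("mechanism %d: %w", i, err)
		}
		mechs = append(mechs, m)
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("%d trailing bytes after mechanism list", len(rest))
	}
	return mechs, nil
}

// appendUint32 appends v in big-endian order to out.
func appendUint32(out []byte, v uint32) []byte {
	var tmp [4]byte
	binary.BigEndian.PutUint32(tmp[:], v)
	return append(out, tmp[:]...)
}

// encodeMechanismList builds a well-formed list; used only to construct sample input.
func encodeMechanismList(mechs [][]byte) []byte {
	out := appendUint32(nil, uint32(len(mechs)))
	for _, m := range mechs {
		out = appendUint32(out, uint32(len(m)))
		out = append(out, m...)
	}
	return out
}

func main() {
	// Constructed well-formed sample with two (illustrative) mechanism names.
	good := encodeMechanismList([][]byte{[]byte("mech-a"), []byte("mech-b")})
	mechs, err := parseMechanismList(good)
	fmt.Println("well-formed:", len(mechs), "mechanisms, err =", err)

	// Constructed malformed sample: a huge count with no elements behind it.
	// The parser returns an error instead of allocating for the count.
	_, err = parseMechanismList([]byte{0xff, 0xff, 0xff, 0xff})
	fmt.Println("malformed:", err)

	// Constructed malformed string: declares 5 bytes but carries 1.
	_, _, err = readString([]byte{0, 0, 0, 5, 'a'})
	fmt.Println("short string:", err)
}
```

The two checks are deliberately ordered: the policy cap (`maxMechanisms`) and the fit check (`count <= len(rest)/4`) both run before `make`, and the per-element length check in `readString` runs before any slice expression, so neither a count nor a length chosen by the peer reaches an allocation or an index unverified.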
@thaJeztah
Member Author

@crazy-max PTAL - this should also fix some of the code-scanning alerts

@crazy-max crazy-max merged commit 50236f7 into docker:master Nov 27, 2025
139 checks passed
@thaJeztah thaJeztah deleted the bump_x_deps branch November 27, 2025 20:58