deps: address CVEs and add security scans to CI

[fidencio]

Bump Go to 1.25.9 and refresh modules (gRPC, containerd, AWS SDK, golang.org/x/*, go-jose, selinux, docker/cli, OpenTelemetry, CDI). Update optimizer-server Cargo.lock (rustix).

Add a CI job that runs govulncheck and OSV-Scanner on each push and PR.

[fidencio]

cc @imeoer

[fidencio]

cc @bergwolf

[codecov]

Codecov Report

❌ Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 24.45%. Comparing base (fc330cc) to head (e0e73dc).
⚠️ Report is 26 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/backend/s3.go	0.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #741      +/-   ##
==========================================
+ Coverage   22.02%   24.45%   +2.42%     
==========================================
  Files         130      132       +2     
  Lines       11931    12237     +306     
==========================================
+ Hits         2628     2992     +364     
+ Misses       8960     8881      -79     
- Partials      343      364      +21     

Files with missing lines	Coverage Δ
pkg/supervisor/supervisor.go	68.91% <ø> (ø)
pkg/backend/s3.go	22.58% <0.00%> (ø)

... and 16 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[fidencio]

cc @Fricounet

[Fricounet]

Nice, LGTM thanks for the PR!

[fidencio]

Ideally we'd like to have a release cut after this one gets merged, so we can ship this on Kata Containers and reduce the amount of vulns there that are not related to Kata itself :-)

[Fricounet]

I've published v0.15.15 which should have the fix

[fidencio]

I've published v0.15.15 which should have the fix

Amazing, I'm already updating it on the Kata Containers side.
Thanks a whole lot, as usual!