[Aikido] Fix 1 critical issue in google.golang.org/grpc and 6 other issues#57

Open
aikido-autofix[bot] wants to merge 1 commit into master from fix/AIK-11350-AIK-11003-AIK-12882-update-packages-28229054-c9yp

Conversation

@aikido-autofix


Upgrade dependencies to fix authorization bypass in gRPC path validation and privilege validation bypass in Docker plugin installation.

✅ 7 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
|---|---|---|
| CVE-2026-33186 | 🚨 CRITICAL | [google.golang.org/grpc] Improper HTTP/2 :path validation allows requests without leading slashes to bypass path-based authorization interceptors, enabling attackers to circumvent "deny" rules and access restricted gRPC methods. This authorization bypass affects servers using path-based RBAC policies with fallback "allow" rules. |
| CVE-2026-33997 | HIGH | [github.com/docker/docker] A privilege validation bypass in plugin installation allows the daemon to incorrectly accept unapproved privilege sets due to flawed comparison logic, enabling plugins to gain unintended elevated permissions. |
| CVE-2026-34040 | MEDIUM | [github.com/docker/docker] Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1. |
| CVE-2026-24051 | MEDIUM | [go.opentelemetry.io/otel/sdk] Path hijacking vulnerability in resource detection code allows local attackers to execute arbitrary code by manipulating the PATH environment variable on macOS systems. |
| CVE-2026-39883 | MEDIUM | [go.opentelemetry.io/otel/sdk] A PATH hijacking vulnerability exists in the BSD kenv command execution, allowing attackers to execute arbitrary code by manipulating the PATH environment variable. This enables remote code execution on BSD and Solaris platforms. |
| AIKIDO-2026-10617 | MEDIUM | [github.com/lestrrat-go/jwx/v3] EC public keys in JWE/JWK import lack curve validation, enabling invalid-curve attacks to leak shared-secret bits. Additionally, symmetric keys are exposed in public JWK sets, and unescaped key IDs/algorithm names in JWT headers allow injection of malformed fields. |
| CVE-2024-28180 | LOW | [gopkg.in/square/go-jose.v2] A decompression bomb vulnerability in JWE handling allows attackers to cause denial of service by sending specially crafted compressed data that consumes excessive memory and CPU during decryption. The vulnerability has been mitigated by implementing size limits on decompressed data. |
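The CVE-2026-33186 entry above describes deny rules that are keyed on the full gRPC method path and fall through to "allow" when nothing matches. The following added example (not code from the PR, grpc-go, or Aikido) models that policy with plain Go and shows why a path check must run before the policy lookup; the `Policy`, `naiveAuthorize`, `validatePath` and `hardenedAuthorize` names are illustrative, not grpc-go APIs.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is a simplified path-based RBAC policy: explicit deny rules on full
// method names ("/<service>/<method>") with a fallback "allow" for everything else.
type Policy struct {
	Deny []string
}

// naiveAuthorize mirrors the flawed pattern: the :path value is trusted as-is
// and compared against the deny list, so a path that merely fails to match
// (for example one without a leading slash) falls through to the fallback allow.
func naiveAuthorize(p Policy, path string) bool {
	for _, d := range p.Deny {
		if d == path {
			return false
		}
	}
	return true // fallback allow
}

// validatePath is the defensive check: a gRPC :path must start with "/" and
// have exactly two non-empty segments, service and method. Anything else is
// rejected outright instead of being handed to the policy.
func validatePath(path string) (string, error) {
	if !strings.HasPrefix(path, "/") {
		return "", fmt.Errorf("path %q must start with '/'", path)
	}
	parts := strings.Split(path[1:], "/")
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", fmt.Errorf("path %q is not of the form /service/method", path)
	}
	return path, nil
}

// hardenedAuthorize fails closed on malformed paths, so only a well-formed
// path that can actually match a deny rule ever reaches the fallback allow.
func hardenedAuthorize(p Policy, path string) bool {
	canonical, err := validatePath(path)
	if err != nil {
		return false
	}
	return naiveAuthorize(p, canonical)
}

func main() {
	p := Policy{Deny: []string{"/admin.Admin/DeleteUser"}} // constructed sample policy
	fmt.Println(naiveAuthorize(p, "admin.Admin/DeleteUser"), hardenedAuthorize(p, "admin.Admin/DeleteUser"))
}
```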