[TEST] Bump Go to 1.25

[josvazg]

Summary

Attempt to bump to Go 1.25, check what issues remain

Findings:
✅ Nix takes sometime to take Go major versions, but we can use the unstable channel to get them earlier.
✅ The golangci-lint tool just got updated to the new major Go version, so it can be updated from unstable and be fixed.
🟠 The licenses check was failing, I had to remove the GOTOOLCHAIN=local setting to fix it. Consider go-licence-detector by Elastic as an alternative? -> CLOUDP-346331
🟠 Unit tests failed with linker errors. In my Mac, they are due to a linker change in Go 1.25 that breaks the way to check mac certificates. On the CI it got fixed by removing the last bit of the go version in the go.mod line: go 1.25 -> CLOUDP-346332
✅ Mockery was also giving problems, version 2.53.3 complained that is was compiled with 1.24 and not working for 1.25. To fix I had to drop it from devbox and install version 2.53.5, compiled with 1.25 explicitly in the makefile.

🟠 Kubernetes main is already at Go 1.25 But last release 1.34.1 was still at 1.24.

Mac linker issue:

This is a known change in Go 1.25. The Go toolchain no longer automatically links against certain system frameworks on macOS. Your code uses the crypto/x509 package, which relies on the macOS Security and CoreFoundation frameworks for system trust store operations.

You need to explicitly tell the linker to include these frameworks.

Proof of Work

Basic CI should pass

Checklist

• Have you linked a jira ticket and/or is the ticket in the title?
• Have you checked whether your jira ticket required DOCSP changes?
• Have you signed our CLA?

[josvazg]

@roothorp I am not convinced it is useful to keep this draft open. If Nix fixes the deps issue for us, many of the changes here might not be needed.
The useful bit is all the lessons learned and noted at the top, which we can revisit whenever we want, even after closing the PR.

WDYT?

[josvazg]

too old, only useful for the findings summary