fix(security): bump container dependencies to remediate 10 CVEs

[johntmyers]

Summary

Bump third-party dependencies in container images to remediate 10 vulnerabilities (1 Critical, 9 High) identified in the April 1, 2026 Security Tracker.

Related Issue

Closes #735

Changes

P0: k3s v1.35.2-k3s1 -> v1.35.3-k3s1 (7 CVEs in cluster image)

Bumps containerd to v2.2.2-k3s1, runc to v1.4.1, and Go to 1.25.7. Addresses:

• GHSA-p77j-4mvh-x3m3 (Critical) -- gRPC-Go authorization bypass
• GHSA-pwhc-rpq9-4c8w -- containerd local privilege escalation
• GHSA-p436-gjf2-799p -- Docker CLI uncontrolled search path
• GHSA-9h8m-3fm2-qjrq -- OpenTelemetry Go SDK PATH hijacking
• GHSA-6v2p-p543-phr9 -- golang.org/x/oauth2 input validation
• GHSA-6g7g-w4f8-9c9x -- buger/jsonparser DoS
• CVE-2024-36623 -- moby streamformatter race condition

P1: Explicit system package upgrades (2 CVEs across all images)

No newer NVIDIA base image (noble-20251013) is available. Added apt-get install --only-upgrade gpgv to gateway, cluster, and CI Dockerfiles, and python3 upgrade to CI:

• CVE-2025-68973 -- GnuPG out-of-bounds write in gpgv
• CVE-2026-4519 -- Python webbrowser.open() CLI option injection

P2: Docker CLI 29.3.0 -> 29.3.1 (2 CVEs in CI image)

Updates Go runtime to 1.25.8 and containerd to v2.2.2:

• GHSA-p436-gjf2-799p -- Docker CLI uncontrolled search path
• GHSA-p77j-4mvh-x3m3 -- gRPC-Go authorization bypass (via Go dep)

P3: syft 1.42.2 -> 1.42.3 (CI tooling)

Bumps buger/jsonparser to v1.1.2 within the syft binary, addressing scanner findings for GHSA-6g7g-w4f8-9c9x in CI image.

Testing

• mise run pre-commit passes
• Rebuild all images: mise run build:docker
• Run full CI suite: mise run ci
• Run e2e tests: mise run e2e
• Rescan all images with grype/trivy to confirm 0 remaining findings

Checklist

• Follows Conventional Commits
• Commits are signed off (DCO)
• Architecture docs updated (if applicable)