
Update Go to 1.24.6 to address known CVEs

Open ausbru87 opened this issue 4 months ago • 0 comments

Description

Update Go from 1.24.0 to 1.24.6 to address 6 known CVEs detected by Trivy security scanning.

Background

Security scanning implemented in #123 detected the following vulnerabilities in Go 1.24.0:

HIGH severity:

  • CVE-2025-22874: crypto/x509 policy validation issue
  • CVE-2025-47907: database/sql race condition

MEDIUM severity:

  • CVE-2025-0913: os/syscall O_CREATE handling issue
  • CVE-2025-22871: net/http request smuggling vulnerability
  • CVE-2025-4673: net/http sensitive headers exposure
  • CVE-2025-47906: os/exec LookPath security issue

All of these CVEs are fixed in Go 1.24.6.

Tasks

  • [ ] Update go.mod to require Go 1.24.6
  • [ ] Run go mod tidy
  • [ ] Update any CI workflows that specify Go version
  • [ ] Verify all tests pass with new Go version
  • [ ] Run security scans to confirm CVEs are resolved

References

ausbru87, Oct 12 '25 05:10
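As an added example, not code from the code-marketplace repository or from the issue author, the following POSIX shell script does the verification the task list above asks for: it reads the `go` directive from go.mod, extracts every `go-version:` pinned in GitHub Actions workflow files, and fails if any of them is below a minimum (here 1.24.6). The module path, the workflow file and the sample trees it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the code-marketplace project): verify that go.mod
# and the GitHub Actions workflows pin a Go toolchain at or above MIN_GO, so a
# bump such as 1.24.0 -> 1.24.6 is checked rather than assumed.
# The sample go.mod, module path and workflow below are constructed test data.
set -u

MIN_GO="1.24.6"

# Print the version from the "go" directive of the go.mod given as $1.
go_directive_version() {
    awk '$1 == "go" { print $2; exit }' "$1"
}

# Return 0 if dotted version $1 >= dotted version $2, comparing up to three
# numeric fields (so 1.24.10 > 1.24.6, which a string compare gets wrong).
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Print "file:version" for every literal go-version: pin (e.g. actions/setup-go
# input) in the *.yml / *.yaml files under $1. Constraint forms such as
# ">=1.24" or "stable" are not matched and must be reviewed by hand.
workflow_go_versions() {
    for f in "$1"/*.yml "$1"/*.yaml; do
        [ -f "$f" ] || continue
        sed -n "s/.*go-version:[[:space:]]*[\"']\{0,1\}\([0-9][0-9.]*\).*/$(basename "$f"):\1/p" "$f"
    done
}

# Check go.mod and the workflows of the tree rooted at $1 against MIN_GO.
# Prints each offending pin; returns 0 only if every pin is >= MIN_GO.
check_tree() {
    root=$1; rc=0
    v=$(go_directive_version "$root/go.mod")
    if ! version_ge "$v" "$MIN_GO"; then
        echo "go.mod: go directive $v is below $MIN_GO"; rc=1
    fi
    for entry in $(workflow_go_versions "$root/.github/workflows"); do
        v=${entry#*:}
        if ! version_ge "$v" "$MIN_GO"; then
            echo "${entry%%:*}: go-version $v is below $MIN_GO"; rc=1
        fi
    done
    return $rc
}

# Write a constructed sample repository under $1 whose go.mod and CI workflow
# both pin Go version $2 (sample data for this example, not real project files).
make_sample_tree() {
    mkdir -p "$1/.github/workflows"
    printf 'module example.com/sample\n\ngo %s\n' "$2" > "$1/go.mod"
    cat > "$1/.github/workflows/ci.yml" <<EOF
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '$2'
      - run: go test ./...
EOF
}

# Demo on two constructed trees: the state before the bump, then after it.
tmp=$(mktemp -d)
make_sample_tree "$tmp/before" 1.24.0
make_sample_tree "$tmp/after" 1.24.6
check_tree "$tmp/before" || echo "before: FAIL (expected)"
check_tree "$tmp/after" && echo "after: OK"
rm -rf "$tmp"
```

One caveat the checklist's last item depends on: Trivy reports the Go standard library version embedded in the built binary, so the scan only clears when the binary is produced by a 1.24.6 or newer toolchain. The `go` directive in go.mod sets a minimum (and with `GOTOOLCHAIN=auto` a newer toolchain is fetched automatically), but a runner or a Dockerfile base image still pinned to 1.24.0 would keep shipping the vulnerable stdlib; `go version -m <binary>` shows which toolchain actually built an artifact.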