Security Update: Cilium v1.15.3 and golang.org/x/net v0.23.0

Open nataliagranato opened this issue 9 months ago • 3 comments

In this PR, we are updating two important packages to address security vulnerabilities.

  1. We are updating the github.com/cilium/cilium package to version 1.15.3. This update addresses a security vulnerability that affects users of IPsec transparent encryption in Cilium. Users may be vulnerable to cryptographic attacks that render transparent encryption ineffective. Specifically, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker:
  • Chosen plaintext attacks
  • Key recovery attacks
  • Replay attacks

These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. The fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks.

  2. We are also updating the golang.org/x/net package from version 0.20.0 to 0.23.0. This update includes several bug fixes and performance improvements.

nataliagranato, May 21 '24 21:05
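
Added example (not part of the original issue and not Cilium's code): why a sequence number collision under a shared key matters, and why a unique key per tunnel removes it. It assumes AES-GCM with the sequence number used as the nonce; `tunnelKey` is a hypothetical derivation, and the key, node names and payloads are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// tunnelKey: hypothetical per-tunnel derivation (HMAC-SHA256), not Cilium's scheme.
func tunnelKey(shared []byte, src, dst string) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write([]byte(src + "\x00" + dst))
	return m.Sum(nil) // 32 bytes, used as an AES-256 key
}

// seal encrypts with AES-GCM; the nonce is 4 zero bytes + the 8-byte sequence number.
func seal(key []byte, seq uint64, payload []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, gcm.NonceSize())
	binary.BigEndian.PutUint64(nonce[4:], seq)
	return gcm.Seal(nil, nonce, payload, nil)
}

// keystreamReused: true when ctA^ctB == ptA^ptB (equal-length payloads), i.e. same key and nonce.
func keystreamReused(keyA, keyB []byte, seq uint64, ptA, ptB []byte) bool {
	ctA, ctB := seal(keyA, seq, ptA), seal(keyB, seq, ptB)
	for i := range ptA {
		if ctA[i]^ctB[i] != ptA[i]^ptB[i] {
			return false
		}
	}
	return true
}

func main() {
	s, a, b := []byte("0123456789abcdef0123456789abcdef"), []byte("node-a payload 1"), []byte("node-b payload 2") // constructed
	fmt.Println("shared key:", keystreamReused(s, s, 7, a, b))
	fmt.Println("per-tunnel:", keystreamReused(tunnelKey(s, "node-a", "node-c"), tunnelKey(s, "node-b", "node-c"), 7, a, b))
}
```

With the shared key, two nodes that emit the same sequence number produce ciphertexts whose XOR equals the XOR of their plaintexts; with distinct per-tunnel keys the same sequence number no longer lines up.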