Fix CVE-2023-5528 in release 3.26
trivy image --ignore-unfixed --severity=HIGH,CRITICAL docker.io/calico/node:v3.26.4 (also the same for mcr.microsoft.com/oss/calico/node:v3.26.4-c06a60, which is a slightly later commit)
┌───────────────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├───────────────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────┼────────────────────────────────────────────────────────┤
│ k8s.io/kubernetes │ CVE-2023-5528 │ HIGH │ fixed │ v1.26.8 │ 1.28.4, 1.27.8, 1.26.11, 1.25.16 │ kubernetes: Insufficient input sanitization in in-tree │
│ │ │ │ │ │ │ storage plugin leads to privilege escalation... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-5528 │
└───────────────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────┴────────────────────────────────────────────────────────┘
Expected Behavior
No critical CVEs in supported releases.
Current Behavior
k8s.io/kubernetes exposes CVE https://avd.aquasec.com/nvd/2023/cve-2023-5528/
Possible Solution
Should be fixable with a go mod upgrade to 1.26.11 (can try and make a PR)
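The trap in reading trivy's "Fixed Version" column is that it lists one patch release per minor line, so the installed v1.26.8 must be compared against 1.26.11 and not against the lowest number (1.25.16, which v1.26.8 already exceeds while still being vulnerable). The check below is an added example, not code from the calico project; it takes the two values straight from the trivy output above and returns the version the go.mod bump should target.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// semver holds the numeric parts of a Go module version such as "v1.26.8".
type semver struct{ major, minor, patch int }

// parseVersion accepts "v1.26.8" or "1.26.8"; ok is false on malformed input.
func parseVersion(s string) (semver, bool) {
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(s), "v"), ".")
	if len(parts) != 3 {
		return semver{}, false
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return semver{}, false
		}
		n[i] = v
	}
	return semver{n[0], n[1], n[2]}, true
}

// RequiredUpgrade takes the installed module version and trivy's comma-separated
// "Fixed Version" list. It returns the fixed release on the SAME minor line and
// whether a bump is needed. An empty target with needed=true means no patched
// release exists on that minor line, so a newer minor is required.
func RequiredUpgrade(installed, fixedList string) (target string, needed bool, err error) {
	cur, ok := parseVersion(installed)
	if !ok {
		return "", false, fmt.Errorf("bad installed version %q", installed)
	}
	for _, f := range strings.Split(fixedList, ",") {
		fv, ok := parseVersion(f)
		if !ok || fv.major != cur.major || fv.minor != cur.minor {
			continue // different minor line (or unparsable entry): not our target
		}
		return fmt.Sprintf("v%d.%d.%d", fv.major, fv.minor, fv.patch), cur.patch < fv.patch, nil
	}
	return "", true, nil
}

func main() {
	// Installed and fixed versions as printed by trivy in the report above.
	fmt.Println(RequiredUpgrade("v1.26.8", "1.28.4, 1.27.8, 1.26.11, 1.25.16"))
}
```

In practice the k8s.io/* staging modules that go.mod pins alongside k8s.io/kubernetes are bumped to the matching tag in the same change, so the returned target is the version to use for all of them, not just the top-level module.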
Steps to Reproduce (for bugs)
See trivy link at top
Context
AKS still deploys 3.26 calico (and will for a while) so customers are concerned.
Your Environment
- Calico version
- Orchestrator version (e.g. kubernetes, mesos, rkt): k8s
- Operating System and version: ubuntu
- Link to your project (optional): github.com/azure/aks