chore: bump go dependencies

[dgageot]

This updates direct Go module dependencies to their latest patch and minor versions. Each dependency was validated individually with tests and the linter to ensure no breakages.

The following 10 dependencies were bumped:

• github.com/aws/aws-sdk-go-v2 v1.41.11 → v1.41.12
• github.com/aws/aws-sdk-go-v2/config v1.32.22 → v1.32.23
• github.com/aws/aws-sdk-go-v2/credentials v1.19.21 → v1.19.22
• github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.53.3 → v1.53.4
• github.com/aws/smithy-go v1.27.0 → v1.27.1
• github.com/Masterminds/semver/v3 v3.2.1 → v3.5.0
• github.com/docker/cli v29.5.2 → v29.5.3
• github.com/openai/openai-go/v3 v3.38.0 → v3.39.0
• github.com/pb33f/libopenapi v0.37.2 → v0.37.3
• google.golang.org/genai v1.58.0 → v1.59.0

All tests pass and linting shows no issues.

[docker-agent]

Assessment: 🟢 APPROVE

Reviewed go.mod and go.sum changes for this dependency bump PR.

Summary of analysis:

All 10 dependency bumps were examined. The AWS SDK Go v2 changes (core, config, credentials, bedrockruntime, sts, smithy-go) are all patch-level and internally consistent — every direct and indirect sub-module is bumped in lockstep with matching go.sum hashes. The docker/cli and pb33f/libopenapi bumps are patch-level with no API surface concerns.

The Masterminds/semver v3.2.1 → v3.5.0 jump was investigated most closely. While this skips two minor versions that introduced ConstraintGroup and changed pre-release constraint matching semantics, the project's only usage is semver.NewVersion() and Version.GreaterThan() in pkg/selfupdate/selfupdate.go — neither API was affected by these changes.

The openai-go/v3 (v3.38→v3.39) and google.golang.org/genai (v1.58→v1.59) minor bumps carry low risk as call sites were not changed.

All go.sum entries are present and consistent — new-version hashes added, old-version hashes removed correctly.

No bugs found in the changed code.