Bump golang.org/x/net to v0.45.0 to fix vulnerability

[alexandear]

Running govulncheck before:

❯ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-3595
    Incorrect Neutralization of Input During Web Page Generation in x/net in
    golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2025-3595
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.26.0
    Fixed in: golang.org/x/net@v0.38.0
    Example traces found:
      #1: sanitize.go:226:20: bluemonday.Policy.sanitize calls html.Tokenizer.Next

Your code is affected by 1 vulnerability from 1 module.
This scan also found 3 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.

After upgrading to golang.org/x/net@v0.38.0 and Go 1.23.0:

❯ go install golang.org/x/vuln/cmd/govulncheck@latest
❯ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-4010
    Insufficient validation of bracketed IPv6 hostnames in net/url
  More info: https://pkg.go.dev/vuln/GO-2025-4010
  Standard library
    Found in: net/url@go1.23.12
    Fixed in: net/url@go1.24.8
    Example traces found:
Error:       #1: sanitize.go:583:36: bluemonday.Policy.sanitizeAttrs calls url.Parse

Your code is affected by 1 vulnerability from the Go standard library.
This scan also found 3 vulnerabilities in packages you import and 14
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

After upgrading to golang.org/x/net@v0.45.0 and Go 1.24.0:

❯ govulncheck ./...
No vulnerabilities found.