chore: upgrade Go toolchain 1.25 & zoekt version (#1112)

* chore: upgrade Go toolchain from 1.23.4 to 1.25

Resolves CVE-2025-68121 (CRITICAL, crypto/tls certificate validation
during TLS session resumption) and multiple HIGH/MEDIUM Go stdlib CVEs
across all zoekt binaries.

Also pulls latest zoekt submodule (dec971a, bump dependencies #9)
which updates go.mod to go 1.25.0.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: add CHANGELOG entry for Go toolchain upgrade

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* changelog

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: brendan-kellam

Dockerfile

@@ -16,7 +16,7 @@ ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
 ARG NEXT_PUBLIC_BUILD_COMMIT_SHA
 
 FROM node:24-alpine3.23 AS node-alpine
-FROM golang:1.23.4-alpine3.19 AS go-alpine
+FROM golang:1.25-alpine AS go-alpine
 # ----------------------------------
 
 # ------ Build Zoekt ------