chore: upgrade Go to 1.25.8 to fix stdlib CVEs

[jjbustamante]

Summary

• Bumps Go version from 1.25.7 to 1.25.8 in go.mod
• Fixes three vulnerabilities in the Go standard library detected via grype on the buildpacksio/pack:0.40.1 image

CVE	Severity	Fixed in
CVE-2026-25679	High	1.25.8
CVE-2026-27142	High	1.25.8
CVE-2026-27139	Low	1.25.8

The Dockerfile (golang:1.25) and CI workflows already use floating minor-version tags, so they will automatically pick up 1.25.8.

Test plan

• CI passes with Go 1.25.8
• Re-run grype on the new image to confirm vulnerabilities are resolved

Resolves #2547

[jjbustamante]

Local Testing

>$ git status
On branch chore/fix-go-stdlib-vulnerabilities
Your branch is up to date with 'origin/chore/fix-go-stdlib-vulnerabilities'.

>$ go version
go version go1.25.8 linux/amd64

>$ make build
=====> Building...
go build -ldflags "-s -w -X 'github.com/buildpacks/pack/pkg/client.Version=0.0.0+git-c26c423' -extldflags ''" -trimpath -o ./out/pack -a

>$ grype out/pack 
 ✔ Indexed file system                                                                                                                                                             out/pack 
 ✔ Cataloged contents                                                                                                      88e773bb583e8e5a7a6fbd158e5d3a890944da1588aa164b45dc90d92a6074ac 
   ├── ✔ Packages                        [132 packages]  
   ├── ✔ Executables                     [1 executables]  
   ├── ✔ File digests                    [1 files]  
   └── ✔ File metadata                   [1 locations]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found
A newer version of grype is available for download: 0.109.1 (installed version is 0.109.0)