
chore: bump Go to 1.26.1 and update all dependencies to latest #1070

Open
ddusht wants to merge 2 commits into paketo-buildpacks:main from ddusht:fix/gomod

ddusht commented Apr 2, 2026

Summary

Bumps the Go toolchain version from 1.24.6 to 1.26.1 and updates all
Go module dependencies to their latest available versions via go get -u ./....

Changes

  • Go version: 1.24.6 → 1.26.1
  • All direct and transitive dependencies updated to latest versions
  • Added replace directives to pin three transitive dependencies that have
    introduced breaking interface changes not yet handled by upstream packages

Pinned Dependencies

Three replace directives are required to keep the build compiling after
the dependency updates:

| Package | Pinned To | Reason |
|---|---|---|
| github.com/diskfs/go-diskfs | v1.7.0 | v1.8+ changed ReadDir return type from []os.FileInfo to []fs.DirEntry, breaking syft's internal/file/squashfs.go which passes the result to walkDiskDir(... os.FileInfo ...) |
| github.com/sylabs/squashfs | v1.0.5 | v1.0.6+ introduced fs.DirEntry usage that is incompatible with how syft calls walkDiskDir, which expects os.FileInfo |
| github.com/google/go-containerregistry | v0.20.6 | v0.21+ migrated the daemon.Client interface to use github.com/moby/moby/client, breaking occam@v0.31.0 which was built against the github.com/docker/docker/client interface |

Follow-up

The replace directives should be removed once:

  • occam is updated to support go-containerregistry v0.21+
  • syft is updated to use io/fs.ReadDirFS throughout

Checklist

  • I have viewed, signed, and submitted the Contributor License Agreement.
  • I have linked issue(s) that this PR should close using keywords or the Github UI (See docs)
  • I have added an integration test, if necessary.
  • I have reviewed the styleguide for guidance on my code quality.
  • I'm happy with the commit history on this PR (I have rebased/squashed as needed).
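
An added example, not part of this PR or the project's code: a small Go check that lists `replace` directives holding a module at a fixed version of itself, so pins like the three in the table above can be tracked until the follow-up removes them. The go.mod text is constructed (the module name and the local-path replace are hypothetical); the pinned paths and versions are copied as printed on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// Pin is a replace directive that holds a module at a fixed version of itself.
type Pin struct{ Module, Version string }

// sampleGoMod is constructed; only the three pins come from the PR description.
const sampleGoMod = `module example.com/hypothetical/buildpack
replace (
	github.com/diskfs/go-diskfs => github.com/diskfs/go-diskfs v1.7.0
	github.com/sylabs/squashfs => github.com/sylabs/squashfs v1.0.5 // syft
)
replace github.com/google/go-containerregistry => github.com/google/go-containerregistry v0.20.6
replace example.com/hypothetical/lib => ../lib
`

// FindPins lists version pins in go.mod text; other replacements are skipped.
func FindPins(gomod string) []Pin {
	var pins []Pin
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop trailing comment
		}
		f := strings.Fields(line)
		if !inBlock && len(f) > 0 && f[0] == "replace" {
			f = f[1:]
			inBlock = len(f) == 1 && f[0] == "(" // start of a replace ( ... ) block
		} else if inBlock && len(f) > 0 && f[0] == ")" {
			inBlock = false
		} else if !inBlock {
			continue // not a replace directive
		}
		// f is now: old-path [old-version] => new-path [new-version]
		if n := len(f); n >= 4 && f[n-3] == "=>" && f[0] == f[n-2] {
			pins = append(pins, Pin{f[0], f[n-1]})
		}
	}
	return pins
}

func main() {
	for _, p := range FindPins(sampleGoMod) {
		fmt.Printf("pinned: %s at %s\n", p.Module, p.Version)
	}
}
```

The local-path replacement and any replacement by a different module are not reported, since they are not version pins of the kind the follow-up list covers.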

ddusht requested a review from a team as a code owner April 2, 2026 19:02
paketo-bot added the semver:patch label (A change requiring a patch version bump) Apr 2, 2026
ddusht (Author) commented Apr 2, 2026

@jericop — this is fairly urgent. Our company is consuming this downstream, and the Go packages not being updated are starting to cause security issues. Could you please take a look when you get a chance? Thanks so much!

ddusht (Author) commented Apr 2, 2026

will close out: #1063
