update: golang.org/x/crypto

[dongsupark]

Name: golang.org/x/crypto
CVEs: CVE-2025-22869
CVSSs: 7.5
Action Needed: update to >= 0.35.0

Summary: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

See also https://groups.google.com/g/golang-announce/c/qN_GDasRQSA.

refmap.gentoo: TBD

[dongsupark]

Done.

• mantle: resolved by build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 mantle#587.
• nebraska
  • backend: resolved by build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in /backend nebraska#970
  • updater: resolved by build(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 in /updater nebraska#1001

Still not fixed in azure-vhd-utils, but that has nothing to do with the ssh security issue.