*: upgrade go version to v1.25.6 to avoid security vulnerabilities (#1080)

[ti-chi-bot]

This is an automated cherry-pick of #1080

What problem does this PR solve?

Issue Number: close #1078

Problem Summary:

Target: `usr/bin/tiproxy` (gobinary) (7 vulnerabilities)
[MEDIUM] Risk Library:  golang.org/x/crypto  Installed: `v0.40.0`
[CVE-2025-47914](https://nvd.nist.gov/vuln/detail/CVE-2025-47914) - MEDIUM - Fixed: `0.45.0`
[CVE-2025-58181](https://nvd.nist.gov/vuln/detail/CVE-2025-58181) - MEDIUM - Fixed: `0.45.0`
[UNKNOWN] Risk Library:  stdlib  Installed: `v1.25.5`
[CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

Target: `usr/bin/tiproxyctl` (gobinary) (3 vulnerabilities)
[UNKNOWN] Risk Library:  stdlib  Installed: `v1.25.5`
[CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

What is changed and how it works:

• Upgrade go to v1.25.6
• Upgrade golang.org/x/crypto to latest
• Use go1.25.6 to compile golangci-lint

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No code

Notable changes

• Has configuration change
• Has HTTP API interfaces change
• Has tiproxyctl change
• Other user behavior changes

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

[ti-chi-bot]

This cherry pick PR is for a release branch and has not yet been approved by triage owners.
Adding the do-not-merge/cherry-pick-not-approved label.

To merge this cherry pick:

1. It must be LGTMed and approved by the reviewers firstly.
2. For pull requests to TiDB-x branches, it must have no failed tests.
3. AFTER it has lgtm and approved labels, please wait for the cherry-pick merging approval from triage owners.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign xhebox for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

@djshow832 This PR has conflicts, I have hold it.
Please resolve them or ask others to resolve them, then comment /unhold to remove the hold label.

[ti-chi-bot]

@ti-chi-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-build	a5731df	link	true	/test pull-build
pull-check	a5731df	link	true	/test pull-check
pull-unit-test	a5731df	link	true	/test pull-unit-test
pull-mysql-connector-test	a5731df	link	true	/test mysql-connector-test

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.