[TT-16932] [Critical Fix 5.12.1 / 5.8.13] CVE fixes (#8046)

## Description
This PR addresses the following CVEs:

**[CVE-2026-34986]** go-jose/v3 -> Updated to v3.0.5 ✅
**[CVE-2026-34986]** go-jose/v4 -> Updated to v4.1.4 ✅
**[CVE-2026-32286]** pgproto3/v2 -> Removed (via bento v1.16.2 using
pgx/v5) ✅
**[CVE-2026-39883]** otel/sdk -> Updated to v1.43.0 (via
TykTechnologies/opentelemetry v0.0.25) ✅

Previously #8090 was a separate PR for otel/sdk fix - it has been closed
and consolidated here.

## Related Issue
TT-16932

## Test Plan
- [x] `go build ./...` passes
- [ ] CI passes

---------

Co-authored-by: Ilija Bojanovic <ilijabojanovic@gmail.com>
Co-authored-by: Leonid Bugaev <leonsbox@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 4 people