fix(deps): update module github.com/xdg-go/scram to v1.2.0 (open-telemetry#44534)

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/xdg-go/scram](https://redirect.github.com/xdg-go/scram) |
`v1.1.2` -> `v1.2.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fxdg-go%2fscram/v1.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fxdg-go%2fscram/v1.1.2/v1.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>xdg-go/scram (github.com/xdg-go/scram)</summary>

###
[`v1.2.0`](https://redirect.github.com/xdg-go/scram/blob/HEAD/CHANGELOG.md#v120---2025-11-24)

[Compare
Source](https://redirect.github.com/xdg-go/scram/compare/v1.1.2...v1.2.0)

##### Added

- **Channel binding support for SCRAM-PLUS variants** (RFC 5929, RFC
9266)
- `GetStoredCredentialsWithError()` method that returns errors from
PBKDF2
  key derivation instead of panicking.
- Support for Go 1.24+ stdlib `crypto/pbkdf2` package, which provides
  FIPS 140-3 compliance when using SHA-256 or SHA-512 hash functions.

##### Changed

- Minimum Go version bumped from 1.11 to 1.18.
- Migrated from `github.com/xdg-go/pbkdf2` to stdlib `crypto/pbkdf2` on
  Go 1.24+. Legacy Go versions (<1.24) continue using the external
  library via build tags for backward compatibility.
- Internal error handling improved for PBKDF2 key derivation failures.

##### Deprecated

- `GetStoredCredentials()` is deprecated in favor of
  `GetStoredCredentialsWithError()`. The old method panics on PBKDF2
  errors to maintain backward compatibility but will be removed in a
  future major version.

##### Notes

- FIPS 140-3 compliance is available on Go 1.24+ when using
SCRAM-SHA-256
or SCRAM-SHA-512 with appropriate salt lengths (≥16 bytes). SCRAM-SHA-1
  is not FIPS-approved.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/open-telemetry/opentelemetry-collector-contrib).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGVib3QiXX0=-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: otelbot <[email protected]>

Author: renovate[bot]

exporter/kafkaexporter/go.mod

@@ -102,7 +102,7 @@ require (
 	github.com/twmb/franz-go/pkg/sasl/kerberos v1.1.0 // indirect
 	github.com/twmb/franz-go/plugin/kzap v1.1.2 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/scram v1.2.0 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/collector/config/configcompression v1.46.1-0.20251120204106-2e9c82787618 // indirect

exporter/kafkaexporter/go.sum

@@ -72,7 +72,7 @@ require (
 	github.com/twmb/franz-go/pkg/sasl/kerberos v1.1.0 // indirect
 	github.com/twmb/franz-go/plugin/kzap v1.1.2 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/scram v1.2.0 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/collector/config/configcompression v1.46.1-0.20251120204106-2e9c82787618 // indirect

extension/observer/kafkatopicsobserver/go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/twmb/franz-go/pkg/kfake v0.0.0-20251021233722-4ca18825d8c0
 	github.com/twmb/franz-go/pkg/sasl/kerberos v1.1.0
-	github.com/xdg-go/scram v1.1.2
+	github.com/xdg-go/scram v1.2.0
 	go.opentelemetry.io/collector/config/configcompression v1.46.1-0.20251120204106-2e9c82787618
 	go.opentelemetry.io/collector/config/configopaque v1.46.1-0.20251120204106-2e9c82787618
 	go.opentelemetry.io/collector/config/configtls v1.46.1-0.20251120204106-2e9c82787618

extension/observer/kafkatopicsobserver/go.sum

@@ -80,7 +80,7 @@ require (
 	github.com/twmb/franz-go/pkg/sasl/kerberos v1.1.0 // indirect
 	github.com/twmb/franz-go/plugin/kzap v1.1.2 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/scram v1.2.0 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/collector/config/configcompression v1.46.1-0.20251120204106-2e9c82787618 // indirect

internal/kafka/go.mod

@@ -107,7 +107,7 @@ require (
 	github.com/twmb/franz-go/pkg/sasl/kerberos v1.1.0 // indirect
 	github.com/twmb/franz-go/plugin/kzap v1.1.2 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/scram v1.2.0 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/collector/config/configcompression v1.46.1-0.20251120204106-2e9c82787618 // indirect