### Describe the issue
Please update to Go 1.24.2 to resolve the "Critical" vulnerability:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
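The framing problem described above comes down to which byte sequence a parser accepts as the end of a chunk-size line. The following Go program is an added illustration, not code from fluent-operator or from Go's net/http: it decodes a chunked body in two modes, a lenient one that accepts a bare LF as a line terminator (the behaviour the CVE text attributes to net/http) and a strict one that requires CRLF, and shows that the two modes disagree on the same constructed input. The function names and the sample bodies are assumptions made for this example.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strconv"
)

// ErrBareLF is returned by the strict decoder when a line in the chunked
// framing (chunk-size line or trailer line) ends in a bare LF instead of CRLF.
var ErrBareLF = errors.New("chunked: bare LF line terminator")

// readChunkSizeLine reads one chunk-size line, including any chunk extension.
// strict=true requires CRLF; strict=false also accepts a bare LF, which is the
// lenient behaviour the CVE describes. Extensions (";name=value") are dropped.
func readChunkSizeLine(r *bufio.Reader, strict bool) (int64, error) {
	line, err := r.ReadBytes('\n')
	if err != nil {
		return 0, err
	}
	if bytes.HasSuffix(line, []byte("\r\n")) {
		line = line[:len(line)-2]
	} else if strict {
		return 0, ErrBareLF
	} else {
		line = line[:len(line)-1]
	}
	if i := bytes.IndexByte(line, ';'); i >= 0 {
		line = line[:i]
	}
	size, err := strconv.ParseInt(string(bytes.TrimSpace(line)), 16, 64)
	if err != nil || size < 0 {
		return 0, fmt.Errorf("chunked: bad chunk size %q", line)
	}
	return size, nil
}

// DecodeChunked decodes a chunked transfer-coding body and returns the payload.
// Chunk data must always be followed by CRLF; only the size/trailer lines are
// affected by the strict flag.
func DecodeChunked(body []byte, strict bool) ([]byte, error) {
	r := bufio.NewReader(bytes.NewReader(body))
	out := []byte{}
	for {
		size, err := readChunkSizeLine(r, strict)
		if err != nil {
			return nil, err
		}
		if size == 0 {
			// Last chunk: consume the (possibly empty) trailer section,
			// which ends with an empty line.
			for {
				line, err := r.ReadBytes('\n')
				if err != nil {
					return nil, err
				}
				if strict && !bytes.HasSuffix(line, []byte("\r\n")) {
					return nil, ErrBareLF
				}
				if len(bytes.TrimRight(line, "\r\n")) == 0 {
					return out, nil
				}
			}
		}
		buf := make([]byte, size)
		if _, err := io.ReadFull(r, buf); err != nil {
			return nil, err
		}
		out = append(out, buf...)
		crlf := make([]byte, 2)
		if _, err := io.ReadFull(r, crlf); err != nil || string(crlf) != "\r\n" {
			return nil, errors.New("chunked: missing CRLF after chunk data")
		}
	}
}

func main() {
	// Constructed sample bodies: one well-formed, one with a bare LF after
	// the chunk size. The strict decoder rejects the second; the lenient one
	// silently accepts it, which is the parser disagreement that matters.
	good := []byte("5\r\nhello\r\n0\r\n\r\n")
	bareLF := []byte("5\nhello\r\n0\r\n\r\n")
	for _, body := range [][]byte{good, bareLF} {
		for _, strict := range []bool{true, false} {
			out, err := DecodeChunked(body, strict)
			fmt.Printf("strict=%-5v body=%q -> payload=%q err=%v\n", strict, body, out, err)
		}
	}
}
```

The fixed Go releases make net/http behave like the strict mode here; until an image is rebuilt with one of them, the lenient mode is what a proxy in front of the operator's HTTP endpoints would be talking to.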
### To Reproduce
Scan:
```console
❯ grype ghcr.io/fluent/fluent-operator/fluent-operator:v3.3.0
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
golang.org/x/net v0.33.0 0.38.0 go-module GHSA-vvgc-356p-c3xw Medium
golang.org/x/net v0.33.0 0.36.0 go-module GHSA-qxp5-gwg8-xv66 Medium
stdlib go1.23.4 1.23.8, 1.24.2 go-module CVE-2025-22871 Critical
stdlib go1.23.4 1.22.12, 1.23.6, 1.24.0-rc.3 go-module CVE-2025-22866 Medium
stdlib go1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 go-module CVE-2024-45341 Medium
stdlib go1.23.4 1.22.11, 1.23.5, 1.24.0-rc.2 go-module CVE-2024-45336 Medium
```
The other CVEs listed appear to be fixed in the master and release-3.4 branches, so they should be resolved once it is released.
### Expected behavior
Image updated to `go 1.24.2`.
### Your Environment
- Fluent Operator version: 3.3.0
- Container Runtime: n/a
- Operating system: n/a
- Kernel version: n/a
### How did you install fluent operator?
n/a
### Additional context
n/a