fix: allow usage of Go WASI policies built by go 1.26 #1683

Merged
viccuad merged 1 commit into kubewarden:main from flavio:fix-go-wasi-policies
Apr 24, 2026
flavio (Member) commented Apr 24, 2026

These changes are required to run policies built by the official Go compiler, starting from release 1.26.0.

BTW: I did a sync of the default features that wasmtime is using nowadays.

These changes are required to run policies built by the official go
compiler, starting from release 1.26.0

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
flavio (Member, Author) commented Apr 24, 2026

This is required to fix the policies that are not passing these tests: kubewarden/policies#392

Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the Wasmtime configuration used by the policy server/evaluator to support executing WASI policies produced by the official Go compiler starting with Go 1.26, and adjusts the Wasmtime feature set used on macOS x86_64 to match current Wasmtime defaults (minus stack switching).

Changes:

  • Enable wasm_function_references in Wasmtime Config for both policy-server and policy-evaluator engine construction.
  • Switch policy-server’s Wasmtime config initialization to Config::default().
  • Refresh the macOS x86_64 Wasmtime feature list in policy-evaluator to reflect updated defaults.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

| File | Description |
|---|---|
| crates/policy-server/src/lib.rs | Enables Wasmtime function references for server-created engines (Go 1.26 WASI compatibility). |
| crates/policy-evaluator/src/policy_evaluator/policy_evaluator_builder.rs | Enables Wasmtime function references for evaluator-created engines (Go 1.26 WASI compatibility). |
| crates/policy-evaluator/Cargo.toml | Updates macOS x86_64 Wasmtime feature override (default-features replication minus stack switching). |

Comment on lines +208 to 210
// required by policies built by the official go compiler >= 1.26.0
wasmtime_config.wasm_function_references(true);
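
Review bot: `wasm_function_references(true)` is set unconditionally on `wasmtime_config`, so the proposal is enabled for every policy this engine loads, while the comment above it names only the Go >= 1.26 case. Please extend the comment to say that the setting widens the accepted Wasm feature set for all policies, so a later reader does not assume it is scoped to Go WASI modules.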

Copilot AI Apr 24, 2026

wasm_function_references(true) is now required for Go >= 1.26 policies when this builder constructs its own Engine, but users can also supply a custom wasmtime::Engine via PolicyEvaluatorBuilder::engine(...). The existing docs only warn about enabling epoch_interruption; please also document that custom engines must enable wasm_function_references (or otherwise Go >= 1.26 policies will fail to load).

Comment on lines 68 to 92
wasmtime = { workspace = true, features = [
"addr2line",
"async",
"cache",
"compile-time-builtins",
"component-model",
"component-model-async",
"coredump",
"cranelift",
"debug",
"debug-builtins",
"demangle",
"gc",
"gc-drc",
"gc-null",
"once_cell",
"parallel-compilation",
"pooling-allocator",
"profiling",
"runtime",
"std",
"threads",
"wasmtime-jit-debug",
"wasmtime-jit-icache-coherence",
"wat",
'addr2line',
'anyhow',
'async',
'backtrace',
'cache',
'compile-time-builtins',
'component-model',
'component-model-async',
'coredump',
'cranelift',
'debug',
'debug-builtins',
'demangle',
'gc',
'gc-drc',
'gc-null',
'parallel-compilation',
'pooling-allocator',
'profiling',
'runtime',
'std',
'threads',
'wat',
] }
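
Review bot: the single-quoted list that replaces the double-quoted one drops `once_cell`, `wasmtime-jit-debug` and `wasmtime-jit-icache-coherence` and adds `anyhow` and `backtrace`, but the lines shown here do not record which wasmtime release's default features the new list was copied from. Add a comment above the array naming that release, so the next sync can be checked against a known baseline instead of being re-derived by hand.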
Copilot AI Apr 24, 2026

This macOS x86_64 wasmtime feature override is intended to "replicate default features minus stack-switching", but the feature list now diverges from the similar override in crates/burrego/Cargo.toml (same workaround comment). To avoid target-specific build/behavior drift, consider updating the other manifest(s) in the same PR or centralizing the list so they stay in sync.
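
One way to catch the drift described in the comment above, as an added example (not code from this PR or from the Kubewarden repository): a std-only Rust check that extracts the `wasmtime` feature array from two manifest fragments and reports entries present in only one of them. The inputs are constructed from the two lists visible in this PR's diff; `STALE`, `SYNCED`, `wasmtime_features` and `drift` are hypothetical names, and the pre-PR list stands in for a manifest that was not updated.

```rust
use std::collections::BTreeSet;

// Constructed inputs: the two feature lists shown in this PR's Cargo.toml diff.
// STALE stands in for a manifest that still carries the pre-PR list (assumption).
const STALE: &str = r#"wasmtime = { workspace = true, features = [
  "addr2line", "async", "cache", "compile-time-builtins", "component-model",
  "component-model-async", "coredump", "cranelift", "debug", "debug-builtins",
  "demangle", "gc", "gc-drc", "gc-null", "once_cell", "parallel-compilation",
  "pooling-allocator", "profiling", "runtime", "std", "threads",
  "wasmtime-jit-debug", "wasmtime-jit-icache-coherence", "wat",
] }"#;
const SYNCED: &str = "wasmtime = { workspace = true, features = [
  'addr2line', 'anyhow', 'async', 'backtrace', 'cache', 'compile-time-builtins',
  'component-model', 'component-model-async', 'coredump', 'cranelift', 'debug',
  'debug-builtins', 'demangle', 'gc', 'gc-drc', 'gc-null', 'parallel-compilation',
  'pooling-allocator', 'profiling', 'runtime', 'std', 'threads', 'wat',
] }";

/// Collect the entries of the `features = [...]` array that follows the
/// `wasmtime` key. Accepts "basic" and 'literal' TOML strings; this is a
/// narrow scanner for this one array, not a TOML parser.
fn wasmtime_features(manifest: &str) -> BTreeSet<String> {
    let mut out = BTreeSet::new();
    let Some(key) = manifest.find("wasmtime") else { return out };
    let rest = &manifest[key..];
    let Some(open) = rest.find("features").and_then(|f| rest[f..].find('[').map(|b| f + b))
        else { return out };
    let Some(close) = rest[open..].find(']') else { return out };
    for line in rest[open + 1..open + close].lines() {
        let line = line.split('#').next().unwrap_or(""); // drop TOML comments
        for item in line.split(',') {
            let name = item.trim().trim_matches(|c: char| c == '"' || c == '\'');
            if !name.is_empty() { out.insert(name.to_string()); }
        }
    }
    out
}

/// Features found in only one manifest: (only in `a`, only in `b`).
fn drift(a: &str, b: &str) -> (Vec<String>, Vec<String>) {
    let (fa, fb) = (wasmtime_features(a), wasmtime_features(b));
    (fa.difference(&fb).cloned().collect(), fb.difference(&fa).cloned().collect())
}

fn main() {
    let (only_stale, only_synced) = drift(STALE, SYNCED);
    println!("only in stale list:  {only_stale:?}");
    println!("only in synced list: {only_synced:?}");
}
```

Because quoting style is normalised before comparison, the check reports only real differences in the feature set, not the single-quote versus double-quote change.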

Comment on lines +69 to +91
'addr2line',
'anyhow',
'async',
'backtrace',
'cache',
'compile-time-builtins',
'component-model',
'component-model-async',
'coredump',
'cranelift',
'debug',
'debug-builtins',
'demangle',
'gc',
'gc-drc',
'gc-null',
'parallel-compilation',
'pooling-allocator',
'profiling',
'runtime',
'std',
'threads',
'wat',
Copilot AI Apr 24, 2026

For consistency with the rest of the repo's Cargo.toml files (and to minimize churn with TOML formatters), consider using double-quoted strings for the wasmtime feature names here instead of single-quoted literal strings.

Suggested change
'addr2line',
'anyhow',
'async',
'backtrace',
'cache',
'compile-time-builtins',
'component-model',
'component-model-async',
'coredump',
'cranelift',
'debug',
'debug-builtins',
'demangle',
'gc',
'gc-drc',
'gc-null',
'parallel-compilation',
'pooling-allocator',
'profiling',
'runtime',
'std',
'threads',
'wat',
"addr2line",
"anyhow",
"async",
"backtrace",
"cache",
"compile-time-builtins",
"component-model",
"component-model-async",
"coredump",
"cranelift",
"debug",
"debug-builtins",
"demangle",
"gc",
"gc-drc",
"gc-null",
"parallel-compilation",
"pooling-allocator",
"profiling",
"runtime",
"std",
"threads",
"wat",

Comment on lines +208 to 210
// required by policies built by the official go compiler >= 1.26.0
wasmtime_config.wasm_function_references(true);

Copilot AI Apr 24, 2026

This change is meant to restore compatibility with Go >= 1.26 WASI policies, but there isn't a regression test that would fail without wasm_function_references(true). Consider adding a unit/integration test that attempts to compile/load a minimal module requiring function references (e.g., a tiny WAT using ref.func / funcref) to prevent future regressions.

codecov Bot commented Apr 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.42%. Comparing base (e9aee77) to head (a9cfc25).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1683      +/-   ##
==========================================
+ Coverage   80.40%   80.42%   +0.01%     
==========================================
  Files         127      127              
  Lines       16411    16413       +2     
==========================================
+ Hits        13196    13200       +4     
+ Misses       3215     3213       -2     
Flag Coverage Δ
rust-tests 80.42% <100.00%> (+0.01%) ⬆️

viccuad merged commit 88b4b9c into kubewarden:main Apr 24, 2026
50 checks passed
github-project-automation Bot moved this from Pending review to Done in Kubewarden Admission Controller Apr 24, 2026
flavio deleted the fix-go-wasi-policies branch April 24, 2026 13:20