fix: resolve security scan failures

- Upgrade Go from 1.24.11 to 1.24.12 to fix stdlib vulnerabilities
  (GO-2026-4340: crypto/tls, GO-2026-4341: net/url)
- Add #nosec G101 annotation for fake test credentials in testutil.go
- Explicitly ignore os.Setenv errors in acctest.go (G104)

Author: KT-Doan

go.mod

@@ -1,6 +1,6 @@
 module github.com/ory/terraform-provider-orynetwork
 
-go 1.24.11
+go 1.24.12
 
 require (
 	github.com/hashicorp/terraform-plugin-framework v1.16.1

internal/acctest/acctest.go

@@ -71,10 +71,11 @@ func AccPreCheck(t *testing.T) {
 	}
 
 	// Set environment variables for the provider to use
-	os.Setenv("ORY_PROJECT_ID", project.ID)
-	os.Setenv("ORY_PROJECT_SLUG", project.Slug)
-	os.Setenv("ORY_PROJECT_API_KEY", project.APIKey)
-	os.Setenv("ORY_PROJECT_ENVIRONMENT", project.Environment)
+	// Errors are intentionally ignored as os.Setenv only fails on invalid key names
+	_ = os.Setenv("ORY_PROJECT_ID", project.ID)
+	_ = os.Setenv("ORY_PROJECT_SLUG", project.Slug)
+	_ = os.Setenv("ORY_PROJECT_API_KEY", project.APIKey)
+	_ = os.Setenv("ORY_PROJECT_ENVIRONMENT", project.Environment)
 }
 
 // GetTestProject returns the shared test project, loading from env vars or creating if necessary.

internal/testutil/testutil.go

@@ -23,6 +23,7 @@ const (
 )
 
 // Test API key constants - fake keys for unit tests
+// #nosec G101 -- These are intentionally fake test credentials, not real secrets
 const (
 	// TestWorkspaceAPIKey is a fake workspace API key for tests.
 	TestWorkspaceAPIKey = "ory_wak_test"