Bump securego/gosec from 2.25.0 to 2.26.1

[dependabot]

Bumps securego/gosec from 2.25.0 to 2.26.1.

Release notes

Sourced from securego/gosec's releases.

v2.26.1

Changelog

• 4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (#1659)

Commits

• 4a3bd8a Update cosign to v3.0.6 (#1659)
• 553d8a5 Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)
• bf0ccd3 Update all dependencies (#1657)
• 4ead098 Add G710 rule for open redirect via taint analysis (#1654)
• 8ff985f Fix formatting
• a1aad0c Update the default models use by autofix and phase out the older models
• 74bdf7f Format and clean-up the README
• 74dc989 Add HTTP file-serving function to the skins of pathtraversal analyzer (#1647)
• 7020111 Skip flaging the TLS min version for go 1.18+ (#1646)
• d5869fc chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (#1645)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)