RDODCP-917: Bump Go to 1.26.4, sync deps, pin chisel v1.11.5-os.4

[MigueloMadeira]

Summary

Part of RDODCP-917. Updates cloud-connector for the release:

Change	Detail
Dependency bumps	golang.org/x/{crypto,net,sync,sys} (Dependabot #192) → crypto v0.53.0, net v0.55.0, sync v0.21.0, sys v0.46.0
Go toolchain	go 1.26.3 → 1.26.4 — mitigates CVE-2026-42504 (Go stdlib, HIGH)
Chisel pin	replace … => github.com/outsystems/chisel v1.11.5-os.4 (the newly published chisel release)

Validation — security scan (Grype + Trivy)

The cloud-connector image scans fully clean:

• Grype: 0 HIGH/CRITICAL.
• Trivy: 0 HIGH/CRITICAL.
• CVE-2026-42504 resolved by Go 1.26.4; the x/crypto/x/net CRITICALs resolved by the dependency bumps.

Scan screenshot:

Connection testing

cloud-connector (this branch) built and tunneled against the published chisel:1.11.5-os.4 image:

curl http://<local-ip>:8888/  →  HTTP 200 (directory listing returned)
cloud-connector: SSH connected; conn#1 Open → Close (data transferred)

Connection-test screenshot:

Notes

• Matching chisel release: OutSystems/chisel v1.11.5-os.4 (PR Bump golang.org/x/crypto from 0.18.0 to 0.22.0 #56, merged).
• Publish-pipeline Go bump is in rd-PaaS Bump golang.org/x/net from 0.15.0 to 0.17.0 #22.