chore: bump direct Go dependencies

[dgageot]

What

Bump direct Go dependencies one by one, each validated with task lint and task test.

Module	From	To	Status
github.com/aws/aws-sdk-go-v2	v1.41.8	v1.41.9	bumped
github.com/aws/aws-sdk-go-v2/config	v1.32.19	v1.32.20	bumped
github.com/aws/aws-sdk-go-v2/credentials	v1.19.18	v1.19.19	bumped (via config)
github.com/aws/aws-sdk-go-v2/service/bedrockruntime	v1.53.0	v1.53.1	bumped
github.com/aws/aws-sdk-go-v2/service/sts	v1.42.2	v1.42.3	bumped (via config)
github.com/docker/portcullis	v0.0.0-20260526171634-3105c185ace7	v0.0.0-20260529163507-412383f2a0bc	bumped
github.com/mattn/go-runewidth	v0.0.23	v0.0.24	bumped
google.golang.org/adk	v1.2.0	v1.4.0	skipped

Notes

• The aws-sdk-go-v2/config bump also pulled credentials and sts to their latest versions.
• google.golang.org/adk v1.4.0 was skipped: it deprecates the adka2a package in favor of adka2a/v2, which fails the linter and requires a code migration beyond a simple version bump.

[docker-agent]

Assessment: 🟢 APPROVE

Routine dependency bump — all version increments are consistent and internally coherent across go.mod and go.sum.

Checked:

• AWS SDK v2 core, config, credentials, bedrockruntime, and sts bumped in lockstep; all transitive modules (configsources, endpoints/v2, eventstream, ec2/imds, presigned-url, sso, ssooidc, etc.) updated consistently.
• docker/portcullis pseudo-version bump is consistent — go.sum updated with the new commit hash; shared /go.mod hash between old and new versions is expected when the module's own go.mod did not change.
• mattn/go-runewidth v0.0.24 reuses the same /go.mod hash as v0.0.23 — normal for a patch that doesn't alter the module's own go.mod.
• google.golang.org/adk intentionally skipped (would require migration from adka2a → adka2a/v2); not a concern.
• No orphaned hashes, no version mismatches, no missing entries.

No bugs found in the changed code.