chore: bump direct Go dependencies

[dgageot]

This PR updates direct Go dependencies to their latest stable versions. All bumps were validated with linting and tests to ensure no breaking changes or regressions are introduced.

Four dependencies were successfully bumped: github.com/aws/aws-sdk-go-v2 (v1.41.9 → v1.41.11), github.com/aws/aws-sdk-go-v2/config (v1.32.20 → v1.32.22, which also updated transitive deps), github.com/aws/aws-sdk-go-v2/service/bedrockruntime (v1.53.1 → v1.53.3), and github.com/docker/portcullis (latest pseudo-version bump).

Two dependencies were identified as having breaking changes and were skipped pending further work:

Dependency	Current	Latest	Status	Reason
github.com/aws/aws-sdk-go-v2	v1.41.9	v1.41.11	✓ Bumped	—
github.com/aws/aws-sdk-go-v2/config	v1.32.20	v1.32.22	✓ Bumped	—
github.com/aws/aws-sdk-go-v2/service/bedrockruntime	v1.53.1	v1.53.3	✓ Bumped	—
github.com/docker/portcullis	v0.0.0-20260529163507-412383f2a0bc	v0.0.0-20260602141607-f40f36dfd646	✓ Bumped	—
github.com/coder/acp-go-sdk	v0.13.0	v0.13.5	✗ Skipped	New Agent.Logout interface method breaks our *Agent
google.golang.org/adk	v1.2.0	v1.4.0	✗ Skipped	Deprecates server/adka2a in favor of adka2a/v2 (requires migration)

[docker-agent]

Assessment: 🟢 APPROVE

Reviewed dependency bump for go.mod / go.sum.

Scope: AWS SDK v2 ecosystem patch bumps + github.com/docker/portcullis pseudo-version update.

Checks performed:

• ✅ All bumped go.mod versions have matching h1: and /go.mod h1: hashes in go.sum; old entries correctly removed
• ✅ AWS SDK v2 internal packages (configsources, endpoints/v2, internal/v4a, eventstream, ec2/imds, presigned-url, accept-encoding, signin, sso, ssooidc, sts, credentials, config, core) bumped together consistently
• ✅ smithy-go bumped to v1.27.0 — correct foundational dependency for this AWS SDK version
• ✅ docker/portcullis pseudo-version updated with both hash entries present
• ✅ Intentionally skipped deps (acp-go-sdk, google.golang.org/adk) are untouched

No issues found. The changes are safe to merge.