go-libddwaf: v2.3.1 -> v2.3.2 & appsec-internal-go: v1.4.2 -> v1.5.0

[eliottness]

What does this PR do?

Upgrade appsec dependencies. Major changes:

• The WAF now ignores byte slices are they are slowing down appsec and generation a lot of false positives, especially json.RawMessage
• Upgrade static rules to v1.11.0
• Switch DD_APPSEC_WAF_TIMEOUT default values from 4ms to 1ms

This PR runs go mod tidy in dd-trace-go root and in internal/apps/

Motivation

Better customer experience

Reviewer's Checklist

• Changed code has unit tests for its functionality at or near 100% coverage.
• System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
• There is a benchmark for any new code, or changes to existing code.
• If this interacts with the agent in a new way, a system test has been added.
• Add an appropriate team label so this PR gets put in the right place for the release notes.
• Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild.

For Datadog employees:

• If this PR touches code that handles credentials of any kind, such as Datadog API keys, I've requested a review from @DataDog/security-design-and-guidance.
• This PR doesn't touch any of that.

Unsure? Have a question? Request a review!

[pr-commenter]

Benchmarks

Benchmark execution time: 2024-03-04 16:41:17

Comparing candidate commit b712949 in PR branch eliott.bouhana/appsec-deps-update with baseline commit cb92842 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 40 metrics, 1 unstable metrics.

[Julio-Guerra]

it looks like go mod tidy hasn't been run for a while (duplicated module entries for different versions) - can you please?

[eliottness]

I did run go mod tidy in this PR but I guess someone added some stuff on the main branch without running go mod tidy during that time. Now its merged, sorry I did not see this sooner 😢