[Backport 7.79.x] Bump curl version to 8.20.0

[Kyle-Neale]

What does this PR do?

Manual backport of #23771 to 7.79.x. Bumps the curl version used in .builders from 8.19.0 to 8.20.0 across all four builder images (Linux x86_64, Linux aarch64, macOS, Windows). Also bumps the vcpkg desired_commit pin in the Windows build_script.ps1 to the upstream commit that adds the curl 8.20.0 port.

The auto-backport bot was unable to open this PR (likely due to .deps/* lockfile drift on the release branch); the dependency-resolution bot will regenerate .deps/* against this branch automatically once this PR is open.

Motivation

Addresses CVE-2026-5773 — libcurl could reuse the wrong SMB(S) connection from the pool because the share name was not part of the connection-match criteria. Affected versions: 7.40.0 through 8.19.0. Fixed in curl 8.20.0 (released 2026-04-29).

Fixes: VULN-82927

Review checklist (to be filled by reviewers)

• Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
• Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
• If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

[dd-octo-sts]

Validation Report

Validation	Description	Status
license-headers	Validate Python files have proper license headers	❌

Run ddev validate all changed --fix to attempt to auto-fix supported validations.

Passed validations (19)

Validation	Description	Status
agent-reqs	Verify check versions match the Agent requirements file	✅
ci	Validate CI configuration and Codecov settings	✅
codeowners	Validate every integration has a CODEOWNERS entry	✅
config	Validate default configuration files against spec.yaml	✅
dep	Verify dependency pins are consistent and Agent-compatible	✅
http	Validate integrations use the HTTP wrapper correctly	✅
imports	Validate check imports do not use deprecated modules	✅
integration-style	Validate check code style conventions	✅
jmx-metrics	Validate JMX metrics definition files and config	✅
labeler	Validate PR labeler config matches integration directories	✅
legacy-signature	Validate no integration uses the legacy Agent check signature	✅
licenses	Validate third-party license attribution list	✅
metadata	Validate metadata.csv metric definitions	✅
models	Validate configuration data models match spec.yaml	✅
openmetrics	Validate OpenMetrics integrations disable the metric limit	✅
package	Validate Python package metadata and naming	✅
readmes	Validate README files have required sections	✅
saved-views	Validate saved view JSON file structure and fields	✅
version	Validate version consistency between package and changelog	✅

View full run

[datadog-datadog-prod-us1-2]

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 1 Pipeline job failed

Validate repository | Run Validations / Validate     

🔧 Fix in code (Fix with Cursor).

12 files failed license format validation. Run 'ddev validate license-headers --fix' to correct the issues.

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: e251dcd | Docs | Datadog PR Page | Give us feedback!}

[Kyle-Neale]

Failing validations unrelated to changes in this PR