chore: bump OpenTelemetry Go dependencies

[hittyt]

Summary

• Bump OpenTelemetry Go dependencies to address Dependabot security alerts in Go components.
• Use official OpenTelemetry v1.43.0 fixes for execd, egress, and shared internal telemetry modules.
• Keep kubernetes on Go 1.24 compatibility and only move its OpenTelemetry dependencies to the Go 1.24-compatible v1.41 line, which fixes the baggage header alert without raising the Kubernetes toolchain baseline.

Testing

• Not run (explain why)
• Unit tests
• Integration tests
• e2e / manual verification

Commands run:

• go test ./... in components/internal
• go test ./... in components/egress
• go test ./... in components/execd
• go test ./... in components/ingress
• GOTOOLCHAIN=go1.24.13 go list ./... | rg -v '(/internal/controller$|/test/e2e|/test/e2e_runtime|/test/e2e_task)' | xargs go test in kubernetes\n- git diff --check\n\n# Breaking Changes\n- [x] None\n- [ ] Yes (describe impact and migration path)\n\n# Checklist\n- [x] Linked Issue or clearly described motivation\n- [x] Added/updated docs (if needed)\n- [x] Added/updated tests (if needed)\n- [x] Security impact considered\n- [x] Backward compatibility considered\n\nNotes:\n- No GitHub issue is linked. Motivation is Dependabot OpenTelemetry-Go alerts.\n- Kubernetes remains at go 1.24.0 to preserve the existing compatibility test baseline. The OpenTelemetry SDK alert that requires v1.43.0 is not resolved in kubernetes because upstream v1.43.0 requires Go 1.25.

[jwx0925]

LGTM