chore: update Kex-Algorithms #9561

Merged
merged 2 commits into from
Jun 5, 2022

34fathombelow
Member

Signed-off-by: douhunt douhunt@protonmail.com

Part 1 of 3 to upgrade base image to Ubuntu:22.04
This must be merged before #9551 and cherry-picked into 2.4

Upgraded golang.org/x/crypto libraries to support diffie-hellman-group14-sha256. I also removed two Kex-Algorithms which should no longer be used for security reasons. This may cause some breakage for a very very small group of users. I would also recommend removing diffie-hellman-group14-sha1 in the very near future (v2.5) and give users plenty of warning.
Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).

Signed-off-by: douhunt <douhunt@protonmail.com>
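
The breakage risk mentioned in the description comes from SSH key-exchange negotiation: once a client drops an algorithm, a server that offers nothing else on the client's list can no longer be reached. The Go sketch below is an added example, not Argo CD's code. The client allow-list is an assumption for illustration (the page does not list the removed names) and the server offers are constructed samples.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// Assumed client allow-list for illustration only; not Argo CD's actual list.
var clientKex = []string{"curve25519-sha256", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"}
const slatedForRemoval = "diffie-hellman-group14-sha1" // still accepted; the PR description recommends removing it later

// kexFromKexinit reads kex_algorithms from an SSH_MSG_KEXINIT payload (RFC 4253 7.1).
func kexFromKexinit(p []byte) ([]string, error) {
	if len(p) < 21 || p[0] != 20 { // type byte 20, 16-byte cookie, uint32 length
		return nil, fmt.Errorf("not a KEXINIT payload")
	}
	n := int(binary.BigEndian.Uint32(p[17:21]))
	if n < 1 || n > len(p)-21 {
		return nil, fmt.Errorf("empty or truncated kex name-list")
	}
	return strings.Split(string(p[21:21+n]), ","), nil
}

// negotiate: first client algorithm the server also offers (host-key constraints ignored).
func negotiate(client, server []string) (string, bool, error) {
	for _, c := range client {
		for _, s := range server {
			if c == s {
				return c, c == slatedForRemoval, nil
			}
		}
	}
	return "", false, fmt.Errorf("no common kex algorithm, server offers %v", server)
}

func sampleKexinit(kex string) []byte { // constructed KEXINIT prefix (zero cookie) for the demo
	p := append([]byte{20}, make([]byte, 20)...)
	binary.BigEndian.PutUint32(p[17:], uint32(len(kex)))
	return append(p, kex...)
}

func main() {
	for _, offer := range []string{"curve25519-sha256,diffie-hellman-group14-sha1",
		"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1", "diffie-hellman-group1-sha1"} {
		server, _ := kexFromKexinit(sampleKexinit(offer))
		fmt.Println(negotiate(clientKex, server))
	}
}
```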

codecov bot commented Jun 1, 2022

Codecov Report

Merging #9561 (728a492) into master (5edaa6c) will decrease coverage by 0.07%.
The diff coverage is 40.38%.

@@            Coverage Diff             @@
##           master    #9561      +/-   ##
==========================================
- Coverage   45.86%   45.79%   -0.08%     
==========================================
  Files         221      222       +1     
  Lines       26309    26377      +68     
==========================================
+ Hits        12067    12079      +12     
- Misses      12586    12650      +64     
+ Partials     1656     1648       -8     
Impacted Files Coverage Δ
controller/appcontroller.go 52.07% <0.00%> (-0.21%) ⬇️
util/argo/managedfields/parser.go 100.00% <ø> (ø)
util/git/ssh.go 0.00% <ø> (ø)
util/app/discovery/discovery.go 40.27% <33.33%> (ø)
util/argo/managedfields/managed_fields.go 42.04% <36.61%> (-32.96%) ⬇️
cmpserver/plugin/plugin.go 49.28% <50.00%> (+1.80%) ⬆️
controller/state.go 73.64% <50.00%> (-0.26%) ⬇️
controller/sync.go 56.84% <50.00%> (-0.12%) ⬇️
util/argo/diff/diff.go 52.20% <60.00%> (-0.07%) ⬇️
reposerver/repository/repository.go 60.44% <66.66%> (-0.97%) ⬇️
... and 13 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 61f48d5...728a492. Read the comment docs.

@crenshaw-dev
Collaborator

@34fathombelow thanks for this!

Just so we have a paper trail, did you use any particular source that we can cite as the reason for removing the no-longer-secure algorithms?

@34fathombelow
Member Author

34fathombelow commented Jun 2, 2022

util/git/ssh.go (review thread resolved)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Collaborator

@crenshaw-dev crenshaw-dev left a comment

LGTM! @jannfis can you take a look?

@crenshaw-dev crenshaw-dev requested a review from jannfis June 3, 2022 13:27
@crenshaw-dev crenshaw-dev added the cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch label Jun 3, 2022
Member

@jannfis jannfis left a comment

LGTM, thanks @34fathombelow !

@jannfis jannfis merged commit f6f578b into argoproj:master Jun 5, 2022
@34fathombelow 34fathombelow deleted the update-kex-algo branch June 5, 2022 17:22
crenshaw-dev pushed a commit that referenced this pull request Jun 6, 2022
* chore: update Kex-Algorithms

Signed-off-by: douhunt <douhunt@protonmail.com>

* sorted kex-algorithms

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Co-authored-by: douhunt <douhunt@protonmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
@crenshaw-dev
Collaborator

Cherry-picked onto 2.4.

crenshaw-dev pushed a commit to crenshaw-dev/argo-cd that referenced this pull request Jul 26, 2022
Signed-off-by: douhunt <douhunt@protonmail.com>

Co-authored-by: douhunt <douhunt@protonmail.com>
Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

chore: update Kex-Algorithms (argoproj#9561)

* chore: update Kex-Algorithms

Signed-off-by: douhunt <douhunt@protonmail.com>

* sorted kex-algorithms

Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com>

Co-authored-by: douhunt <douhunt@protonmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

chore upgrade base image for test containers Ubuntu:22.04 (argoproj#9563)

Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com>
crenshaw-dev added a commit that referenced this pull request Jul 26, 2022
Signed-off-by: douhunt <douhunt@protonmail.com>

Co-authored-by: douhunt <douhunt@protonmail.com>
Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

chore: update Kex-Algorithms (#9561)

* chore: update Kex-Algorithms

Signed-off-by: douhunt <douhunt@protonmail.com>

* sorted kex-algorithms

Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com>

Co-authored-by: douhunt <douhunt@protonmail.com>
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

chore upgrade base image for test containers Ubuntu:22.04 (#9563)

Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com>

Co-authored-by: 34FathomBelow <34fathombelow@protonmail.com>