ci: bump Go to 1.25.11 to fix govulncheck stdlib advisories

[eshaffer321]

Summary

govulncheck is failing on main (unrelated to #26 — it's a fresh Go security release). Two Go standard-library advisories, both fixed in go1.25.11:

Advisory	Package	Fixed in
GO-2026-5039	net/textproto	go1.25.11
GO-2026-5037	crypto/x509	go1.25.11

Changes

• GO_VERSION 1.25.10 → 1.25.11 in ci.yml and release.yml
• test matrix + codecov if bumped to 1.25.11
• go.mod go directive bumped to 1.25.11

Verification

govulncheck ./... → No vulnerabilities found. locally on go1.25.11. Build + tests pass.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.69%. Comparing base (216b757) to head (6024ade).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #27   +/-   ##
=======================================
  Coverage   56.69%   56.69%           
=======================================
  Files          43       43           
  Lines        4847     4847           
=======================================
  Hits         2748     2748           
  Misses       1934     1934           
  Partials      165      165           

Flag	Coverage Δ
unittests	56.69% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.