CSPL-4736: Upgrade moby/spdystream version #1861

Open

rlieberman-splunk wants to merge 2 commits into develop from moby_version_update

Conversation

rlieberman-splunk (Collaborator) commented Apr 21, 2026

Description

This PR updates the github.com/moby/spdystream dependency version from v0.5.0 to 0.5.1. It also updates the ubi8 minimal image to 8.10-1776645784.

Library / Remediated Version / Details

  • github.com/moby/spdystream, remediated version 0.5.1: spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes — all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.
  • libarchive, remediated version 3.3.3-7.el8_10: CVE-2026-4424
  • libnghttp2, remediated version 1.33.0-6.el8_10.2: A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).

Key Changes

  • Updated github.com/moby/spdystream in go.mod and go.sum
  • Updated ubi8 minimal image in Makefile and Dockerfile

Testing and Verification

  • Unit tests pass
  • Smoke tests pass

Related Issues

PR Checklist

  • Code changes adhere to the project's coding standards.
  • Relevant unit and integration tests are included.
  • Documentation has been updated accordingly.
  • All tests pass locally.
  • The PR description follows the project's guidelines.
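The description above explains why the spdystream bump matters: the unpatched parser took 32-bit counts and lengths straight off the wire and used them as allocation sizes, and zlib compression lets a small payload carry very large values. The following Go example is added here and is not code from spdystream, moby or this PR; it shows, on a simplified SPDY/3-style header value block, the defensive pattern that kind of fix implies: cap the inflated size, and check every count and length against both a policy limit and the bytes actually remaining before allocating. The limits, the function names and the omission of the SPDY preset zlib dictionary are this example's own assumptions.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"encoding/binary"
	"errors"
	"io"
)

// Illustrative limits; assumed values for this example, not spdystream's own.
const (
	maxInflatedBlock  = 64 * 1024 // decompressed header block bytes we accept
	maxHeaderCount    = 256       // name/value pairs per block
	maxHeaderFieldLen = 8 * 1024  // bytes per name or value
)

var ErrBlockTooLarge = errors.New("header block exceeds limits")
type Header struct{ Name, Value string }

// readField reads a uint32 length prefix and that many bytes, checking the
// length against a policy cap and the bytes actually remaining before make().
func readField(buf *bytes.Reader) (string, error) {
	var n uint32
	if err := binary.Read(buf, binary.BigEndian, &n); err != nil {
		return "", err
	}
	if n > maxHeaderFieldLen || int64(n) > int64(buf.Len()) {
		return "", ErrBlockTooLarge
	}
	field := make([]byte, n)
	if _, err := io.ReadFull(buf, field); err != nil {
		return "", err
	}
	return string(field), nil
}

// parseHeaderBlock parses: uint32 count, then count x (uint32 nameLen, name,
// uint32 valueLen, value), all big-endian. The unsafe pattern is
// make([]Header, count) straight off the wire; here count is bounded first:
// each entry needs at least 8 bytes of length prefixes, so a count above
// remaining/8 cannot be genuine and is rejected before any allocation.
func parseHeaderBlock(block []byte) ([]Header, error) {
	buf := bytes.NewReader(block)
	var count uint32
	if err := binary.Read(buf, binary.BigEndian, &count); err != nil {
		return nil, err
	}
	if count > maxHeaderCount || int64(count) > int64(buf.Len()/8) {
		return nil, ErrBlockTooLarge
	}
	headers := make([]Header, 0, count)
	for i := uint32(0); i < count; i++ {
		name, err := readField(buf)
		if err != nil {
			return nil, err
		}
		value, err := readField(buf)
		if err != nil {
			return nil, err
		}
		headers = append(headers, Header{name, value})
	}
	return headers, nil
}

// ParseCompressedHeaders inflates at most maxInflatedBlock+1 bytes, so a tiny
// on-the-wire payload cannot expand without limit, then parses the block.
func ParseCompressedHeaders(compressed []byte) ([]Header, error) {
	r, err := zlib.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer r.Close()
	block, err := io.ReadAll(io.LimitReader(r, maxInflatedBlock+1))
	if err != nil {
		return nil, err
	}
	if len(block) > maxInflatedBlock {
		return nil, ErrBlockTooLarge
	}
	return parseHeaderBlock(block)
}

// EncodeCompressedHeaders builds a compressed block in the layout above; the
// declared count is separate so constructed input can claim more entries than it carries.
func EncodeCompressedHeaders(count uint32, hs []Header) []byte {
	var raw, out bytes.Buffer
	binary.Write(&raw, binary.BigEndian, count)
	for _, h := range hs {
		binary.Write(&raw, binary.BigEndian, uint32(len(h.Name)))
		raw.WriteString(h.Name)
		binary.Write(&raw, binary.BigEndian, uint32(len(h.Value)))
		raw.WriteString(h.Value)
	}
	w := zlib.NewWriter(&out)
	w.Write(raw.Bytes())
	w.Close()
	return out.Bytes()
}
```

EncodeCompressedHeaders takes the declared count as its own argument so that a block claiming 0xFFFFFFFF entries can be constructed as sample input; ParseCompressedHeaders rejects it with ErrBlockTooLarge before make is ever reached, and a block that inflates past maxInflatedBlock is rejected before parsing starts. The remaining/8 bound is the cheap check worth remembering: it needs nothing but the frame already in hand.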
