Set minimal Go toolchain version

[zerok]

Right now the binaries (e.g. for the 5.8.1) release are built using the default Go version that is available on GitHub runners. For that release it meant 1.24.0. This means that when the binary is scanned for instance with trivy it will show tons of relevant CVEs due to that old Go version.

My proposal would be to set a toolchain directive inside the go.work file to enforce a minimum version number for the build process. This version would be kept up-to-date by dependabot. WDYT?

[k8s-ci-robot]

This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.