Tags: kumahq/kuma
chore(deps): update vulnerable dependencies in release-2.12 (#14782)

## Motivation

Security vulnerabilities were identified in Go stdlib and Docker base images used in the Kuma project. This PR updates these dependencies to address HIGH severity CVEs and maintain security compliance for the release-2.12 branch.

## Implementation information

This PR addresses security vulnerabilities through the following updates:

**Go Dependencies:**

- Updated Go from `1.25.0` to `1.25.1` using `osv-scanner v1.9.1` and `make update-vulnerable-dependencies`

**Docker Base Images:**

- Updated `gcr.io/distroless/base-nossl-debian12:debug` from debian 12.11 to 12.12 (digest: `7557eb8...` → `12dbb4f...`)
- Updated `gcr.io/distroless/base-nossl-debian12:debug-nonroot` from debian 12.11 to 12.12 (digest: `ccb2092...` → `d86c78b...`)
- Both updates fix `CVE-2025-4802` (HIGH): glibc static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

**Note:** The `gcr.io/k8s-staging-build-image/distroless-iptables:v0.8.1` image still contains `CVE-2025-4802` but is maintained by the Kubernetes team and requires an upstream update before we can address it.

## Supporting documentation

Security scanning performed using:

- `osv-scanner v1.9.1` for Go dependencies
- `trivy` for Docker image vulnerability scanning

All HIGH and CRITICAL vulnerabilities that can be fixed have been addressed. One vulnerability remains in the `distroless-iptables` image pending upstream release from the Kubernetes team.

Signed-off-by: Bart Smykla <bartek@smykla.com>

ci(k3d): add CNI selector, switch Calico to Helm, bump MetalLB (backport of #14694) (#14699)

Automatic cherry-pick of #14694 for branch release-2.12

Generated by [action](https://github.com/kumahq/kuma/actions/runs/18524411976)

cherry-picked commit fc065ba

Signed-off-by: Bart Smykla <bartek@smykla.com>
Co-authored-by: Bart Smykla <bartek@smykla.com>

ci(k3d): add CNI selector, switch Calico to Helm, bump MetalLB (backport of #14694) (#14696)

Automatic cherry-pick of #14694 for branch release-2.11

Generated by [action](https://github.com/kumahq/kuma/actions/runs/18524411976)

cherry-picked commit fc065ba

---------

Signed-off-by: Bart Smykla <bartek@smykla.com>
Signed-off-by: Marcin Skalski <skalskimarcin33@gmail.com>
Co-authored-by: Bart Smykla <bartek@smykla.com>
Co-authored-by: Marcin Skalski <skalskimarcin33@gmail.com>

ci(k3d): add CNI selector, switch Calico to Helm, bump MetalLB (backport of #14694) (#14697)

Automatic cherry-pick of #14694 for branch release-2.10

Generated by [action](https://github.com/kumahq/kuma/actions/runs/18524411976)

cherry-picked commit fc065ba

---------

Signed-off-by: Bart Smykla <bartek@smykla.com>
Signed-off-by: Marcin Skalski <skalskimarcin33@gmail.com>
Co-authored-by: Bart Smykla <bartek@smykla.com>
Co-authored-by: Marcin Skalski <skalskimarcin33@gmail.com>

ci(k3d): add CNI selector, switch Calico to Helm, bump MetalLB (backport of #14694) (#14698)

Automatic cherry-pick of #14694 for branch release-2.9

Generated by [action](https://github.com/kumahq/kuma/actions/runs/18524411976)

cherry-picked commit fc065ba

---------

Signed-off-by: Bart Smykla <bartek@smykla.com>
Signed-off-by: Marcin Skalski <skalskimarcin33@gmail.com>
Co-authored-by: Bart Smykla <bartek@smykla.com>
Co-authored-by: Marcin Skalski <skalskimarcin33@gmail.com>

ci(k3d): add CNI selector, switch Calico to Helm, bump MetalLB (backport of #14694) (#14695)

Automatic cherry-pick of #14694 for branch release-2.7

Generated by [action](https://github.com/kumahq/kuma/actions/runs/18524411976)

cherry-picked commit fc065ba

---------

Signed-off-by: Bart Smykla <bartek@smykla.com>
Signed-off-by: Marcin Skalski <skalskimarcin33@gmail.com>
Co-authored-by: Bart Smykla <bartek@smykla.com>
Co-authored-by: Marcin Skalski <skalskimarcin33@gmail.com>

chore(deps): bump kumahq/kuma-gui to a7d6a5faa2101899ebdb0b1c12aea4b51d5b941c (#14393)

Bumps kumahq/kuma-gui to version [release-2.12@a7d6a5faa2101899ebdb0b1c12aea4b51d5b941c](https://github.com/kumahq/kuma-gui/tree/a7d6a5faa2101899ebdb0b1c12aea4b51d5b941c)

> Changelog: chore(deps): use latest kumahq/kuma-gui

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>