fix(deps): update module github.com/tink-crypto/tink-go/v2 to v2.5.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/tink-crypto/tink-go/v2	v2.4.0 -> v2.5.0

---

Release Notes

tink-crypto/tink-go (github.com/tink-crypto/tink-go/v2)

v2.5.0

Compare Source

This is Tink Go 2.5.0

What's new

The complete list of changes since 2.4.0 can be found here.

• Added key and parameters for:
  • PRF:
    • AES-CMAC-PRF
    • HKDF-PRF
  • Streaming AEAD:
    • AES-CTR-HMAC
    • AES-GCM-HKDF
  • JWT:
    • JWT-ECDSA
    • JWT-RSA-SSA-PKCS1
    • JWT-RSA-SSA-PSS
    • JWT-HMAC
  • Signature:
    • ML-DSA
    • SLH-DSA
• Behavior changes:
  • The NewKey and NewKeyData methods of aessiv key manager no longer accept a nil serialized key format.
  • It is no longer possible to create keysets with invalid JWT ECDSA, RSA-SSA-PKCS1 and RSA-SSA-PSS keys. We believe this will mostly affect tests, and shouldn't be a breaking change for Tink users. If not, please
    file an issue.
  • JWT key managers no longer allow creating Primitives. They have been replaced by "full" primitive implementations. If this affects you, please file an issue.
  • keyderivation.New now expects key managers to implement the keyderiver.KeyDeriver interface. This may affect users registering a key derivation key manager whose Primitive() method returns a custom KeysetDeriver primitive. The returned primitive will have to implement the DeriveKey([] salt) (key.Key, error) method as well. Please file an issue if this affects you.
  • AEAD key managers returned by registry.GetKeyManager() will no longer implement internalregistry.DerivableKeyManager. Please file an issue if this affects you.
  • The Primitive() method of the key manager returned by registry.GetKeyManager("type.googleapis.com/google.crypto.tink.PrfBasedDeriverKey") is now unimplemented. Users who access the key manager directly must now create a new keyset.Handle and obtain the primitive with keyderivation.New.
• Minimum supported Go version is 1.24.

Future work

To see what we're working towards, check our project roadmap.

Get started

To get started using Tink, see the setup guide.

Go tooling

go get github.com/tink-crypto/tink-go/v2@​2.5.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 3 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.23.0 -> 1.24.0
golang.org/x/crypto	v0.35.0 -> v0.41.0
golang.org/x/sys	v0.30.0 -> v0.35.0
google.golang.org/protobuf	v1.36.5 -> v1.36.8