Update language versions, redis pin, and dependencies

[ydesgagn]

Summary

Routine dependency and configuration refresh. Bumps default language toolchain versions (Go, Node, PHP), pins Redis to a stable major instead of latest, refreshes multi_xml in the lockfile, and ignores the locally generated code-review report.

Key changes:

• Bump Go default to 1.26.3 (in both go and proto sections of config/languages.yaml)
• Bump Node default to 26.1.0 in config/languages.yaml
• Bump PHP default to 8.5.6 in config/languages.yaml
• Pin Redis option default from latest to 9.0 in config/options/redis.yaml
• Update multi_xml to 0.9.1 in Gemfile.lock
• Ignore docs/code-review.md in .gitignore

Types of changes

• Bugfix (fixes an issue)
• New feature (adds functionality)
• Refactoring (improves code without changing functionality)
• Breaking change (incompatible changes)
• Build or security update (updates dependencies, libraries, or security patches)
• Code style or documentation update (formatting, renaming, or documentation changes)
• Other (please describe):

Checklist

• Unit tests added to validate my fix/feature
• I have manually tested my change
• I did not add automation test. Why ?: Configuration/version bumps only, covered by existing CI.
• Database changes requiring migration with downtime or reprocessing of existing data
• The SOUP file lists the risk Level, requirements and verification reasoning associated with each library
• readme.md includes sections on introduction, installation, usage, and contributing
• docs/architecture.md includes sections on the architecture diagram, software units, software of unknown provenance, critical algorithms and risk controls related to PII and security
• Impact on PII, privacy regulations (CCPA/GDPR/PIPEDA), CIS benchmarks or security (availability/confidentiality/integrity); management must be notified