chore(deps): driver and launcher Go builder to 1.26.3 #13451

Open
jeffspahr wants to merge 5 commits into kubeflow:master from jeffspahr:codex/bump-driver-launcher-go-1-26-3

@jeffspahr
Contributor

Summary

  • Bump the kfp-driver and kfp-launcher builder images from golang:1.26.2-alpine to golang:1.26.3-alpine.
  • Keep the final runtime image unchanged at alpine:3.21.
  • Pin the updated builder tag to Docker manifest digest sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d.

Context

This is part of #13449. The 2.16.1 kfp-driver and kfp-launcher scans reported Go stdlib vulnerabilities from binaries built with an older Go toolchain. Go 1.26.3 is the current Go 1.26 patch release and includes the relevant security fixes.

This PR only addresses the Go toolchain side. The remaining third-party module findings are covered by the relevant Dependabot PRs.

Verification

  • git diff --check -- backend/Dockerfile.driver backend/Dockerfile.launcher
  • docker build -f backend/Dockerfile.driver -t kfp-driver:go1.26.3-test .
  • docker build -f backend/Dockerfile.launcher -t kfp-launcher:go1.26.3-test .
  • trivy image --scanners vuln --format json kfp-driver:go1.26.3-test
  • trivy image --scanners vuln --format json kfp-launcher:go1.26.3-test

Local Trivy scans on the rebuilt images no longer report stdlib; remaining findings are third-party Go modules covered by the reviewed Dependabot PRs.

Signed-off-by: Jeff Spahr <spahrj@gmail.com>
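
The check behind the final verification step, as an added example that is not part of the PR or the Kubeflow code base: it splits a Trivy JSON report into Go stdlib findings and third-party module findings. Both reports are constructed, and the target paths, CVE-PLACEHOLDER ids, module name and versions are assumptions; the field names follow Trivy's JSON report format.

```python
import json

# Constructed reports in the shape of `trivy image --format json` output.
# Target paths, CVE-PLACEHOLDER ids, module names and versions are made up.
BEFORE = json.loads("""{"Results": [
  {"Target": "example-image (alpine)", "Class": "os-pkgs", "Type": "alpine"},
  {"Target": "bin/example", "Class": "lang-pkgs", "Type": "gobinary",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-PLACEHOLDER-0001", "PkgName": "stdlib",
      "InstalledVersion": "v1.26.2", "Severity": "HIGH"},
     {"VulnerabilityID": "CVE-PLACEHOLDER-0002", "PkgName": "example.com/mod",
      "InstalledVersion": "v0.1.0", "Severity": "MEDIUM"}]}]}""")
AFTER = json.loads("""{"Results": [
  {"Target": "example-image (alpine)", "Class": "os-pkgs", "Type": "alpine"},
  {"Target": "bin/example", "Class": "lang-pkgs", "Type": "gobinary",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-PLACEHOLDER-0002", "PkgName": "example.com/mod",
      "InstalledVersion": "v0.1.0", "Severity": "MEDIUM"}]}]}""")


def split_go_findings(report):
    """Return (stdlib, third_party) findings found in Go binaries."""
    stdlib, third_party = [], []
    for result in report.get("Results") or []:
        if result.get("Type") != "gobinary":
            continue
        # "Vulnerabilities" may be absent or null when a target is clean.
        for vuln in result.get("Vulnerabilities") or []:
            finding = (result.get("Target"), vuln.get("VulnerabilityID"),
                       vuln.get("PkgName"), vuln.get("InstalledVersion"))
            bucket = stdlib if vuln.get("PkgName") == "stdlib" else third_party
            bucket.append(finding)
    return stdlib, third_party


def stdlib_clean(report):
    """True when no Go binary in the report carries a stdlib finding."""
    return not split_go_findings(report)[0]


if __name__ == "__main__":
    for name, report in (("before", BEFORE), ("after", AFTER)):
        stdlib, other = split_go_findings(report)
        print(f"{name}: stdlib={len(stdlib)} third-party={len(other)} "
              f"clean={stdlib_clean(report)}")
```

To gate on a real scan, load the saved Trivy JSON with `json.load` and fail the job when `stdlib_clean` returns False.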
@google-oss-prow

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@google-oss-prow google-oss-prow Bot requested review from alyssacgoins and mprahl May 29, 2026 20:10
@jeffspahr jeffspahr marked this pull request as ready for review May 29, 2026 20:15
Copilot AI review requested due to automatic review settings May 29, 2026 20:15
Contributor

Copilot AI left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Bumps the Go base image used by the backend driver and launcher Dockerfiles from golang:1.26.2-alpine to golang:1.26.3-alpine, updating the pinned image digest accordingly.

Changes:

  • Upgrade Go builder image from 1.26.2 to 1.26.3 in Dockerfile.driver.
  • Upgrade Go builder image from 1.26.2 to 1.26.3 in Dockerfile.launcher.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File | Description
backend/Dockerfile.driver | Updates builder stage base image tag and SHA256 digest to Go 1.26.3-alpine.
backend/Dockerfile.launcher | Updates builder stage base image tag and SHA256 digest to Go 1.26.3-alpine.

@jeffspahr
Contributor Author

/ok-to-test

@jeffspahr jeffspahr changed the title from "[codex] build: bump driver and launcher Go builder to 1.26.3" to "chore(deps): driver and launcher Go builder to 1.26.3" May 29, 2026
Signed-off-by: Jeff Spahr <spahrj@gmail.com>
@google-oss-prow google-oss-prow Bot added size/M and removed size/XS labels May 30, 2026
Signed-off-by: Jeff Spahr <spahrj@gmail.com>
Contributor

@hbelmiro hbelmiro left a comment

We should upgrade all Dockerfiles and the go.mod file.
Also, the changes in the yaml files seem unrelated.

Signed-off-by: Jeff Spahr <spahrj@gmail.com>
@github-actions github-actions Bot added the ci-passed All CI tests on a pull request have passed label May 30, 2026
Signed-off-by: Jeff Spahr <spahrj@gmail.com>
@google-oss-prow

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign chensun for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow Bot removed the size/M label May 30, 2026
@github-actions github-actions Bot removed the ci-passed All CI tests on a pull request have passed label May 30, 2026
@github-actions github-actions Bot added the ci-passed All CI tests on a pull request have passed label May 30, 2026
Labels

ci-passed All CI tests on a pull request have passed ok-to-test size/XS