Bump the all-go-deps group across 1 directory with 3 updates

[dependabot]

Bumps the all-go-deps group with 2 updates in the / directory: filippo.io/torchwood and golang.org/x/mod.

Updates filippo.io/torchwood from 0.8.0 to 0.9.0

Changelog

Sourced from filippo.io/torchwood's changelog.

v0.9.0

torchwood

• Added FormatProof, FormatProofWithExtraData and ProofExtraData to format c2sp.org/tlog-proof@v1 inclusion proofs ("spicy signatures").

• Added Policy interface and VerifyProof/VerifyCheckpoint to verify proofs and checkpoints against a configurable (co)signature policy.

• Added ParsePolicy to parse policies from a format based on the Sigsum textual policies, but using vkeys instead of raw public keys.

tesserax

• New package with a TileReader adapter for tessera.LogReader.

litebastion

• -listen-http now accepts host:port in addition to a bare port number.

• ACME now works correctly when using -listen-http.

• Added -tls-cert and -tls-key flags to use a provided TLS certificate instead of ACME. -testcert was removed.

• The backends file is now allowed to be empty.

• Added -obscurity flag to disable the /logz endpoint.

litewitness

• Added -obscurity flag to disable the / and /logz endpoints.

witnessctl

• add-key now rejects duplicate keys.

• list-logs no longer shows duplicate keys and bastions.

age-keyserver

• Added new tlog demo implementing an age keyserver (see https://words.filippo.io/keyserver-tlog/).

Commits

• d6aedf0 cmd/{litebastion,litewitness}: add -obscurity flag
• ce6e210 internal/witness: reject requests with more than 63 proof lines
• 5133cde internal/witness: return 404 for unknown logs
• 4e5b182 cmd/litewitness: fix TestScript/bastionlocalhost
• 5fbf6b2 NEWS: add recent changes for v0.9.0
• bc819ad cmd/litebastion: add TLS cert/key flags (#52)
• 64481ef cmd/witnessctl: improve warning for logs with no keys
• 12ebc84 witnessctl: reject duplicate keys in add-key
• f2f6262 bastion: fix ACME when using HandleBackendConnection
• d9bdbe9 cmd/litebastion: support custom host for HTTP listener
• Additional commits viewable in compare view

Updates github.com/transparency-dev/formats from 0.0.0-20251017110053-404c0d5b696c to 0.0.0-20251208091212-1378f9e1b1b7

Commits

• See full diff in compare view

Updates golang.org/x/mod from 0.31.0 to 0.32.0

Commits

• 4c04067 go.mod: update golang.org/x dependencies
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions