This commit bumps golang.org/x/net to v0.38.0 to address two security
vulnerabilities (CVE-2025-22872 & CVE-2025-22870).
The code is not susceptible to the vulnerability because it relates to
HTML parsing (CVE-2025-22872) or address resolving (CVE-2025-22870).
In this repository we only use golang.org/x/net to emulate CAN using
multicast UDP sockets.
Because of this dependency update we also need to update the Go
version to 1.23, which is a breaking change and also "too early" with
regard to our [Go version support policy].
However, given that Go 1.25 is being released later in August and this
is to address security vulnerabilities we think it is performing the
breaking change now, rather than waiting for 1.25 to land.
BREAKING CHANGE: Update required Go version to 1.23.
[go version support policy]: https://einride.engineering/docs/tech-radar/backend#languages-go
