go.mod: vulnerabilities: bump go version to 1.23.12 for (#2077)

`govulncheck` detects some vulnerabilities from the current builds that
are resolved by bumping the minor Go version to `.12`. I have kept the
major version the same.

On current `main`:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode binary ./athens
    === Symbol Results ===

    Vulnerability #1: GO-2025-3956
        Unexpected paths returned from LookPath in os/exec
      More info: https://pkg.go.dev/vuln/GO-2025-3956
      Standard library
        Found in: os/exec@go1.23.5
        Fixed in: os/exec@go1.23.12
        Vulnerable symbols found:
          #1: exec.LookPath

    Vulnerability #2: GO-2025-3849
        Incorrect results returned from Rows.Scan in database/sql
      More info: https://pkg.go.dev/vuln/GO-2025-3849
      Standard library
        Found in: database/sql@go1.23.5
        Fixed in: database/sql@go1.23.12
        Vulnerable symbols found:
          #1: sql.Row.Scan
          #2: sql.Rows.Scan

    Vulnerability #3: GO-2025-3751
        Sensitive headers not cleared on cross-origin redirect in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3751
      Standard library
        Found in: net/http@go1.23.5
        Fixed in: net/http@go1.23.10
        Vulnerable symbols found:
          #1: http.Client.Do
          #2: http.Client.Get
          #3: http.Client.Head
          #4: http.Client.Post
          #5: http.Client.PostForm

    Vulnerability #4: GO-2025-3563
        Request smuggling due to acceptance of invalid chunked data in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3563
      Standard library
        Found in: net/http/internal@go1.23.5
        Fixed in: net/http/internal@go1.23.8
        Vulnerable symbols found:
          #1: internal.chunkedReader.Read

    Your code is affected by 4 vulnerabilities from the Go standard library.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After version bump:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode=binary ./athens 
    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.
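The decision the commit message makes by hand ("which patch release clears every `Fixed in:` line?") is easy to get wrong if versions are compared as strings, because `"go1.23.12"` sorts before `"go1.23.5"` as text. The following is an added example, not code from the commit author or the Athens project: it parses the `govulncheck` text report quoted above (the `sampleReport` constant is built from that report, trimmed to the `Vulnerability #N` and `Fixed in:` lines), compares Go versions numerically, and lists the findings a candidate toolchain would still leave open. The function names are my own, and the parser assumes the text layout shown in the commit message.

```go
package main

import (
	"cmp"
	"fmt"
	"strconv"
	"strings"
)

// Finding is one standard-library entry from govulncheck's text report.
type Finding struct {
	ID      string // e.g. GO-2025-3956
	Package string // e.g. os/exec
	FixedIn string // first toolchain carrying the fix, e.g. go1.23.12
}

// sampleReport is the "On current main" output quoted in the commit message, cut to the lines used here.
const sampleReport = `Vulnerability #1: GO-2025-3956
    Found in: os/exec@go1.23.5
    Fixed in: os/exec@go1.23.12
Vulnerability #2: GO-2025-3849
    Found in: database/sql@go1.23.5
    Fixed in: database/sql@go1.23.12
Vulnerability #3: GO-2025-3751
    Found in: net/http@go1.23.5
    Fixed in: net/http@go1.23.10
Vulnerability #4: GO-2025-3563
    Found in: net/http/internal@go1.23.5
    Fixed in: net/http/internal@go1.23.8
`

// parseGoVersion turns "go1.23.12" or "1.23" into {major, minor, patch}; a missing patch counts as 0.
func parseGoVersion(v string) (out [3]int, err error) {
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(v), "go"), ".")
	if len(parts) < 2 || len(parts) > 3 {
		return out, fmt.Errorf("unexpected Go version %q", v)
	}
	for i, p := range parts {
		if out[i], err = strconv.Atoi(p); err != nil || out[i] < 0 {
			return out, fmt.Errorf("unexpected Go version %q", v)
		}
	}
	return out, nil
}

// compareGoVersion orders two Go versions numerically (-1, 0, +1); as plain strings "go1.23.12" < "go1.23.5".
func compareGoVersion(a, b string) (int, error) {
	va, errA := parseGoVersion(a)
	vb, errB := parseGoVersion(b)
	if errA != nil || errB != nil {
		return 0, fmt.Errorf("cannot compare %q with %q", a, b)
	}
	for i := range va {
		if c := cmp.Compare(va[i], vb[i]); c != 0 {
			return c, nil
		}
	}
	return 0, nil
}

// parseFindings keeps each "Vulnerability #N" id and its "Fixed in" package@version; other lines are skipped.
func parseFindings(report string) []Finding {
	var fs []Finding
	for _, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		switch {
		case strings.HasPrefix(line, "Vulnerability #"):
			_, id, _ := strings.Cut(line, ": ")
			fs = append(fs, Finding{ID: strings.TrimSpace(id)})
		case len(fs) > 0 && strings.HasPrefix(line, "Fixed in: "):
			pkg, ver, _ := strings.Cut(strings.TrimPrefix(line, "Fixed in: "), "@")
			fs[len(fs)-1].Package, fs[len(fs)-1].FixedIn = pkg, ver
		}
	}
	return fs
}

// unresolved lists the findings a build on toolchain target would still carry.
func unresolved(fs []Finding, target string) ([]Finding, error) {
	var open []Finding
	for _, f := range fs {
		c, err := compareGoVersion(target, f.FixedIn)
		if err != nil {
			return nil, err
		}
		if c < 0 {
			open = append(open, f)
		}
	}
	return open, nil
}

func main() {
	fs := parseFindings(sampleReport)
	for _, target := range []string{"go1.23.9", "go1.23.12"} {
		open, err := unresolved(fs, target)
		fmt.Printf("%s: %d of %d findings still open (err=%v)\n", target, len(open), len(fs), err)
	}
}
```

Run as-is it reports three open findings on `go1.23.9` and none on `go1.23.12`, matching the "After version bump" scan in the commit message. The same parser works for any `govulncheck` text report with this layout, so it can be pointed at a fresh scan to answer "is the pin in `go.mod` still high enough?" before a manual bump; any non-numeric target (for example `latest`) is rejected rather than silently compared.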
William Fisher
2025-10-23 15:24:05 +01:00
committed by GitHub
parent 28bc9a806c
commit cef941bf85
4 changed files with 6 additions and 6 deletions
+1 -1
@@ -1,4 +1,4 @@
ARG GOLANG_VERSION=1.23.5
ARG GOLANG_VERSION=1.23.12
FROM golang:$GOLANG_VERSION
RUN echo $GOLANG_VERSION
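Review bot: `FROM golang:$GOLANG_VERSION` still resolves a mutable tag, so the `golang:1.23.12` image can be rebuilt upstream and two builds of this same commit may not contain byte-identical toolchains; pinning the base image by digest (`FROM golang:$GOLANG_VERSION@sha256:<digest>`) or at least recording the pulled digest in the build log keeps the image that `govulncheck` cleared tied to the one that ships. Also, `RUN echo $GOLANG_VERSION` only prints the build argument; `RUN go version` would confirm the toolchain actually present in the image.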
+1 -1
@@ -10,7 +10,7 @@ environment:
GOPROXY: https://proxy.golang.org
SKIP_UNTIL_113: true
stack: go 1.23.5
stack: go 1.23.12
test_script:
- go version
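Review bot: `test_script` runs `go version` but nothing rescans for known vulnerabilities, so the situation this commit fixes (a pinned toolchain aging past several standard-library fixes) would go unnoticed until someone runs `govulncheck` by hand again. Consider adding a step next to the `stack: go 1.23.12` pin, for example `go install golang.org/x/vuln/cmd/govulncheck@latest` followed by `govulncheck ./...`, so the job fails as soon as a new finding against the pinned toolchain is published.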
+3 -3
@@ -5,7 +5,7 @@ services:
context: .
dockerfile: cmd/proxy/Dockerfile
args:
GOLANG_VERSION: "1.23.5"
GOLANG_VERSION: "1.23.12"
environment:
- ATHENS_MONGO_STORAGE_URL=mongodb://mongo:27017
- TIMEOUT=20 # in case the mongo dependency takes longer to start up
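Review bot: this is the first of three identical `GOLANG_VERSION: "1.23.12"` build args in this compose file, on top of the Dockerfile `ARG` default and the `go.mod` directive; a missed copy on the next bump leaves one service building on the old toolchain while the rest are clean. Compose variable substitution with a default, `GOLANG_VERSION: "${GOLANG_VERSION:-1.23.12}"` in each service (or a single value in a `.env` file), would make the next bump a one-line change.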
@@ -20,7 +20,7 @@ services:
context: .
dockerfile: Dockerfile.test
args:
GOLANG_VERSION: "1.23.5"
GOLANG_VERSION: "1.23.12"
command: ["./scripts/test_unit.sh"]
environment:
- GO_ENV=test
@@ -36,7 +36,7 @@ services:
context: .
dockerfile: Dockerfile.test
args:
GOLANG_VERSION: "1.23.5"
GOLANG_VERSION: "1.23.12"
command: ["./scripts/test_e2e.sh"]
azurite:
image: arafato/azurite:2.6.5
+1 -1
@@ -1,6 +1,6 @@
module github.com/gomods/athens
go 1.23.5
go 1.23.12
require (
cloud.google.com/go/storage v1.45.0
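Review bot: the `go 1.23.12` directive is the part of this change that reaches contributors outside Docker and CI: a `go` command older than 1.23.12 will download that toolchain under the default `GOTOOLCHAIN=auto` and refuse to build under `GOTOOLCHAIN=local`, so nobody can quietly keep compiling the proxy with the affected `os/exec`, `database/sql` and `net/http` packages. Worth noting in the PR: Go 1.23 left the upstream support window when Go 1.25 shipped in August 2025, and 1.23.12 is the last patch release on that line, so the next standard-library finding from `govulncheck` cannot be resolved by another `.x` bump and will need a move to a supported minor.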