[deps] Omni-bus dependency update

[helsaawy]

Consolidate dependabot updates

• Bump github.com/veraison/go-cose from 1.0.0-rc.1 to 1.2.0 #1825
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test #1988
• Bump golang.org/x/crypto from 0.14.0 to 0.17.0 #1989
• Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 #1995
• Bump go.uber.org/mock from 0.3.0 to 0.4.0 #1997
• Bump github.com/lestrrat-go/jwx from 1.2.26 to 1.2.28 #2007
• Bump github.com/lestrrat-go/jwx from 1.2.26 to 1.2.28 in /test #2008
• Bump github.com/open-policy-agent/opa from 0.42.2 to 0.61.0 #2010
• Bump github.com/opencontainers/runc from 1.1.10 to 1.1.12 #2014
• Bump github.com/opencontainers/runc from 1.1.10 to 1.1.12 in /test #2015
• Bump golang.org/x/sys from 0.13.0 to 0.17.0 #2024
• Bump golang.org/x/sys from 0.13.0 to 0.17.0 in /test #2025
• Bump golangci/golangci-lint-action from 3 to 4 #2026
• Bump google.golang.org/grpc from 1.59.0 to 1.62.0 #2035
• Bump go.etcd.io/bbolt from 1.3.7 to 1.3.9 #2036
• Bump github.com/Microsoft/cosesign1go from 0.0.1 to 1.1.0 #2037
• Bump google.golang.org/grpc from 1.59.0 to 1.62.0 in /test #2038

[anmaxvl]

cool, looks like ACC has updated cosesign1go :) FYI @KenGordon

[anmaxvl]

ran rego tests locally. they look good. LGTM as long as the CI test failures are unrelated.

[katiewasnothere]

LGTM

[jpayne3506]

@helsaawy looks like #2010 github.com/open-policy-agent/opa got missed.

Is there plans besides leveraging dependabot #2049 to update?

Would CVE(s) https://github.com/advisories?query=github.com%2Fopen-policy-agent%2Fopa help move the needle?