fix(deps): remediate console vulnerabilities via containerd v1.7.33 #763

Open
plural-copilot[bot] wants to merge 1 commit into main from agent/remediate-containerd-1760592000000

@plural-copilot

Summary

  • bump the existing indirect github.com/containerd/containerd dependency from v1.7.32 to v1.7.33
  • keep the remediation scoped to the minimal safe dependency change in plural-cli
  • avoid unrelated module churn; go.sum remains unchanged

Why

This PR is part of remediating console service vulnerabilities in the pluralsh/console image lineage by fixing the dependency here in pluralsh/plural-cli.

Fixed CVEs:

  • CVE-2026-53488
  • CVE-2026-47262

github.com/containerd/containerd was already present as an indirect dependency at v1.7.32, so the smallest safe fix is to pin that existing requirement to v1.7.33, which is the first fixed version requested.

Validation

  • confirmed github.com/containerd/containerd resolves to v1.7.33
  • verified the targeted module resolution did not require additional dependency file churn
  • attempted containerized go test ./pkg/... ./cmd/command/...; the run did not complete in-session because of extensive cold-start dependency downloads in the ephemeral environment

Downstream follow-up

pluralsh/console should consume a rebuilt plural-cli artifact/image after this merges so the remediated dependency is present in downstream console-related images.
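
The resolution check listed under Validation can be scripted so that it also catches a `replace` override or a go.sum that lacks the hash for the pinned version (an unchanged go.sum is only fine if those lines were already there). This is an added example, not part of this PR or of the plural-cli repository; the function names and the fail-closed treatment of pre-release and pseudo-versions are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the PR: verify a go.mod pin against a minimum fixed version.

# Print the version go.mod $1 requires for module $2 (single-line or block form).
required_version() {
    awk -v m="$2" '
        $1 == "require" && $2 == "(" { inreq = 1; next }
        $1 == ")"                    { inreq = 0; next }
        $1 == "require" && $2 == m   { print $3; exit }
        inreq && $1 == m             { print $2; exit }
    ' "$1"
}

# Succeed if a replace directive in go.mod $1 redirects module $2 (overrides the pin).
has_replace() {
    awk -v m="$2" '
        $1 == "replace" && $2 == "(" { inrep = 1; next }
        $1 == ")"                    { inrep = 0; next }
        ($1 == "replace" && $2 == m) || (inrep && $1 == m) { found = 1 }
        END { exit !found }
    ' "$1"
}

# Succeed if release $1 >= $2. Only plain vX.Y.Z is accepted; pre-release and
# pseudo-versions fail closed so they get a manual look. Uses sort -V (GNU/BusyBox).
version_ge() {
    for v in "$1" "$2"; do
        printf '%s\n' "$v" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' || return 1
    done
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Succeed if go.sum $1 has the go.mod hash line for module $2 at version $3.
sum_has_gomod_hash() {
    awk -v m="$2" -v v="$3/go.mod" '$1 == m && $2 == v { f = 1 } END { exit !f }' "$1"
}

# check_pin GO_MOD GO_SUM MODULE MIN_VERSION: print a verdict, return 0 only when OK.
check_pin() {
    ver=$(required_version "$1" "$3")
    [ -n "$ver" ] || { echo "FAIL: $3 not required in $1"; return 1; }
    if has_replace "$1" "$3"; then echo "FAIL: replace directive overrides $3"; return 1; fi
    version_ge "$ver" "$4" || { echo "FAIL: $3 at $ver, need >= $4"; return 1; }
    sum_has_gomod_hash "$2" "$3" "$ver" || { echo "FAIL: $2 has no hash for $3 $ver"; return 1; }
    echo "OK: $3 $ver"
}

# Usage: sh check_pin.sh go.mod go.sum github.com/containerd/containerd v1.7.33
if [ "$#" -eq 4 ]; then check_pin "$@"; fi
```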

@plural-copilot plural-copilot Bot left a comment

This PR was generated by the codex Plural Agent Runtime. Here's some useful information you might want to know to evaluate the AI's performance:

| Name | Details |
| --- | --- |
| 💬 Prompt | Create a remediation PR in this repository to address console-related Go vulnerabilities already identified.... |
| 🔗 Run history | View run history |