fix: remediate containerd vulnerabilities in plural cli

[plural-copilot]

Summary

• remediate console-service vulnerability findings affecting the embedded plural CLI binary
• bump github.com/containerd/containerd from v1.7.32 to v1.7.33
• keep the change minimal by updating only Go module metadata in go.mod and go.sum

Vulnerabilities fixed

• CVE-2026-53488 (github.com/containerd/containerd, High)
• CVE-2026-47262 (github.com/containerd/containerd, Medium)

Files changed

• go.mod — update the indirect github.com/containerd/containerd requirement to v1.7.33
• go.sum — refresh the matching checksums for github.com/containerd/containerd v1.7.33

Validation

• inspected module references to confirm github.com/containerd/containerd is an indirect dependency surfaced in root module metadata
• built the CLI target in Docker with Go 1.26.4 using go build -buildvcs=false ./cmd/plural
• attempted go test ./... in Docker; the suite is large/heavy and did not complete within the remediation session budget

Notes

• This PR is for console-service vulnerability remediation.
• A downstream rebuild/release of the console-service image is required so the shipped /usr/local/bin/plural binary includes the patched dependency.
• No application source files or Dockerfiles were changed; only module metadata was updated.

[plural-copilot]

This PR was generated by the codex Plural Agent Runtime. Here's some useful information you might want to know to evaluate the ai's perfomance:

Name	Details
💬 Prompt	Create a remediation PR in this repository for console-service vulnerability findings that map to the embedded plural CLI binary....
🔗 Run history	View run history