Security Migration to pgx/v5 and Go 1.26.1#4351

Open
noxymon wants to merge 1 commit into sqlc-dev:main from noxymon:security/migrate-pgx-v5

Conversation


@noxymon noxymon commented Mar 22, 2026

Context

A security audit using govulncheck identified several critical vulnerabilities:

  1. GO-2026-4518: Denial of Service in github.com/jackc/pgproto3/v2 (used by pgx/v4).
  2. Standard Library Vulnerabilities: Multiple vulnerabilities affecting Go 1.26.0 (GO-2026-4603, GO-2026-4602, GO-2026-4601, GO-2026-4600, GO-2026-4599).

Fix Proposal

This PR migrates the remaining internal tools and test helpers from pgx/v4 to pgx/v5 v5.9.0 and updates the Go runtime to 1.26.1 to resolve all reported vulnerabilities.

Technical Implementation:

  1. Vulnerability Fix (GO-2026-4518):
    • Migrated internal/tools/sqlc-pg-gen/main.go, proc.go, and relation.go to github.com/jackc/pgx/v5.
    • Migrated internal/sqltest/pgx.go to github.com/jackc/pgx/v5.
    • This effectively removes the dependency on the vulnerable and end-of-life github.com/jackc/pgproto3/v2.
  2. Standard Library Security Patches:
    • Updated go.mod to go 1.26.1.
  3. Dependency Cleanup:
    • Executed go mod tidy to prune pgx/v4 and its indirect dependencies from the module graph.

Verification Results

  • Vulnerability Scan: govulncheck ./... returns "No vulnerabilities found."
  • Tool Integrity: internal/tools/sqlc-pg-gen compiles and functions correctly with the new driver.
  • Test Suite: Verified that PostgreSQL tests using pgx still pass.
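The description claims two outcomes that are worth guarding in CI after the merge: the module graph no longer contains github.com/jackc/pgx/v4 or github.com/jackc/pgproto3/v2, and the go directive is at or above 1.26.1. The check below is an added example, not code from this PR or from sqlc: it parses go.mod text and reports a finding for each violated rule. The two go.mod samples and the module versions in them are constructed for the example; a real job would read the repository's go.mod (or, better, the output of go list -m all, which covers indirect requirements that go.mod may omit). It complements govulncheck rather than replacing it: an advisory scan only knows about published issues, while this pins down the specific regression of a retired module path creeping back in.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed "before" go.mod (not sqlc's real file): still on Go 1.26.0 and
// still pulling pgx/v4, which drags in the end-of-life pgproto3/v2.
const sampleBefore = `module example.com/sqlc-fork

go 1.26.0

require (
	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
	github.com/jackc/pgx/v4 v4.18.3
	github.com/jackc/pgx/v5 v5.9.0
)
`

// Constructed "after" go.mod: toolchain bumped, only pgx/v5 remains.
const sampleAfter = `module example.com/sqlc-fork

go 1.26.1

require github.com/jackc/pgx/v5 v5.9.0
`

// Module paths the audit wants removed from the graph entirely.
var bannedModules = []string{
	"github.com/jackc/pgx/v4",
	"github.com/jackc/pgproto3/v2",
}

// minGo is the toolchain version at which the listed stdlib advisories are fixed.
const minGo = "1.26.1"

// parseGoMod extracts the go directive and every required module path.
// It handles both single-line "require x v1" and block "require ( ... )" forms.
func parseGoMod(src string) (goVersion string, requires []string) {
	sc := bufio.NewScanner(strings.NewReader(src))
	inRequire := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		// Drop trailing comments such as "// indirect".
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "":
			continue
		case strings.HasPrefix(line, "go "):
			goVersion = strings.TrimSpace(strings.TrimPrefix(line, "go "))
		case line == "require (":
			inRequire = true
		case inRequire && line == ")":
			inRequire = false
		case strings.HasPrefix(line, "require "):
			if f := strings.Fields(line); len(f) >= 2 {
				requires = append(requires, f[1])
			}
		case inRequire:
			if f := strings.Fields(line); len(f) >= 1 {
				requires = append(requires, f[0])
			}
		}
	}
	return goVersion, requires
}

// versionLess reports whether dotted numeric version a is older than b.
func versionLess(a, b string) bool {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		var x, y int
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x != y {
			return x < y
		}
	}
	return false
}

// auditGoMod returns one finding per violated rule; an empty slice means clean.
func auditGoMod(src string) []string {
	goVersion, requires := parseGoMod(src)
	var findings []string
	if goVersion == "" || versionLess(goVersion, minGo) {
		findings = append(findings, fmt.Sprintf("go directive %q is below %s", goVersion, minGo))
	}
	for _, mod := range requires {
		for _, banned := range bannedModules {
			if mod == banned {
				findings = append(findings, "still requires "+mod)
			}
		}
	}
	return findings
}

func main() {
	fmt.Println("before:", auditGoMod(sampleBefore))
	fmt.Println("after: ", auditGoMod(sampleAfter))
}
```

Run on the constructed samples, the "before" file yields three findings (the old go directive plus both banned modules) and the "after" file yields none; wiring the same function into a pre-merge check makes the cleanup from go mod tidy enforceable rather than a one-time observation.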

@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Mar 22, 2026
@noxymon noxymon force-pushed the security/migrate-pgx-v5 branch from 9d8dd94 to 4d80ca4 Compare March 22, 2026 01:05