
fix: update go-redsync for fips-140 compatibility#3451

Merged: andaaron merged 3 commits into project-zot:main from rchincha:fips, Oct 13, 2025

Conversation

@rchincha
Contributor

Fixes issue #3445

What type of PR is this?

Which issue does this PR fix:

What does this PR do / Why do we need it:

If an issue # is not available please add repro steps and logs showing the issue:

Testing done on this change:

Automation added to e2e:

Will this break upgrades or downgrades?

Does this PR introduce any user-facing change?:


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@rchincha
Contributor Author

rchincha commented Oct 12, 2025

Should we just make this default in our container images?

@codecov

codecov bot commented Oct 12, 2025

Codecov Report

❌ Patch coverage is 25.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.87%. Comparing base (f724107) to head (0e5c04f).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
pkg/api/controller.go 25.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3451   +/-   ##
=======================================
  Coverage   90.87%   90.87%           
=======================================
  Files         183      183           
  Lines       33327    33330    +3     
=======================================
+ Hits        30287    30290    +3     
  Misses       2294     2294           
  Partials      746      746           


@andaaron
Contributor

I suggest we also emit a log message stating fips is on, in case it is on, just to validate. And verify that in bats. Maybe use https://pkg.go.dev/crypto/fips140#Enabled
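Added example (not zot's code; the function and type names are mine): a startup check in the spirit of this suggestion. It calls crypto/fips140.Enabled(), which exists from Go 1.24 on, and also parses the GODEBUG fips140 setting so the log line shows both what was requested ("off", "on" or "only") and what is actually in effect, which is what a bats test would grep for.

```go
package main

import (
	"crypto/fips140" // Go 1.24+: reports whether the FIPS 140-3 module is active
	"log/slog"
	"os"
	"strings"
)

// fips140Setting returns the fips140 value requested through GODEBUG.
// GODEBUG is a comma-separated list of key=value pairs; a later pair
// overrides an earlier one for the same key, and "off" is the default.
func fips140Setting(godebug string) string {
	setting := "off"
	for _, pair := range strings.Split(godebug, ",") {
		key, val, ok := strings.Cut(strings.TrimSpace(pair), "=")
		if ok && key == "fips140" {
			setting = val
		}
	}
	return setting
}

// FIPSStatus is what a registry should log once at startup so an operator
// (or an e2e test grepping the log) can confirm the mode really in effect.
type FIPSStatus struct {
	Requested string // GODEBUG fips140 value: "off", "on" or "only"
	Enabled   bool   // crypto/fips140.Enabled(): the module is active
	Strict    bool   // "only": non-approved algorithms are rejected at runtime
}

// currentFIPSStatus combines the requested setting with the runtime check.
// The godebug argument is passed in (rather than read from the environment
// inside) so the parsing is testable without touching the process env.
func currentFIPSStatus(godebug string) FIPSStatus {
	req := fips140Setting(godebug)
	return FIPSStatus{
		Requested: req,
		Enabled:   fips140.Enabled(),
		Strict:    req == "only",
	}
}

func main() {
	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
	st := currentFIPSStatus(os.Getenv("GODEBUG"))
	if st.Enabled {
		logger.Info("fips140 is currently enabled", "requested", st.Requested, "strict", st.Strict)
	} else {
		logger.Info("fips140 is not enabled", "requested", st.Requested)
	}
	// Requested and effective state disagreeing (e.g. an unrecognized value
	// in GODEBUG) is exactly the condition a startup log should make visible.
	if (st.Requested != "off") != st.Enabled {
		logger.Warn("fips140 request and runtime state disagree", "requested", st.Requested, "enabled", st.Enabled)
	}
}
```

Run with `GODEBUG=fips140=on ./zot-fips-check` and `GODEBUG=fips140=only ./zot-fips-check` to see the two enabled variants; with GODEBUG unset the log reports the module as off.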

@rchincha
Contributor Author

> I suggest we also emit a log message stating fips is on, in case it is on, just to validate. And verify that in bats. Maybe use https://pkg.go.dev/crypto/fips140#Enabled

{"time":"2025-10-12T08:46:58.596597075-07:00","level":"info","message":"fips140 is currently enabled","goroutine":1,"caller":"zotregistry.dev/zot/pkg/cli/server/root.go:57","func":"zotregistry.dev/zot/pkg/cli/server.NewServerRootCmd.newServeCmd.func2"}

Fixes issue project-zot#3445

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
@andaaron
Contributor

andaaron commented Oct 12, 2025

> Should we just make this default in our container images?

I don't know if that is something we want.

Given https://go.dev/doc/security/fips140:

  1. there could be performance implications:
     > Pairwise consistency tests are performed on generated cryptographic keys. Note that this can cause a slowdown of up to 2x for certain key types, which is especially relevant for ephemeral keys.
  2. there could be backwards compatibility implications for HTTPS:
     > The [crypto/tls](https://go.dev/pkg/crypto/tls/) package will ignore and not negotiate any protocol version, cipher suite, signature algorithm, or key exchange mechanism that is not FIPS 140-3 approved.
  3. Is BLAKE-3 on any approved FIPS compliance list? It is not here https://csrc.nist.gov/Projects/cryptographic-module-validation-program/sp-800-140-series-supplemental-information/sp800-140c

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
@rchincha rchincha requested a review from andaaron October 12, 2025 22:11
@andaaron andaaron merged commit 411a3d0 into project-zot:main Oct 13, 2025
44 of 47 checks passed