build(deps): bump github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.0

[dependabot]

Bumps github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.0.

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.4.0

What's Changed

• Ignore leading and trailing whitespaces in the armor body in ProtonMail/go-crypto#288
• Update key_generation.go, rename variables to avoid shadowing in ProtonMail/go-crypto#290
• Add InsecureGenerateNonCriticalKeyFlags option to generate non-critical key flags signature subpackets in ProtonMail/go-crypto#291
• Add InsecureGenerateNonCriticalSignatureCreationTime option to generate non-critical signature creation time subpackets in ProtonMail/go-crypto#292
• Bump dependencies and min go version to 1.23 in ProtonMail/go-crypto#294
• ECDHv4: Error on low-order x25519 public key curve points in ProtonMail/go-crypto#299
• Cleartext: Only allow valid hashes in header in ProtonMail/go-crypto#298

Full Changelog: ProtonMail/go-crypto@v1.3.0...v1.4.0

Release v1.4.0-proton

This release is v1.4.0 with support for the following non-standardized features:

• Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

Commits

• a8cc4f0 Merge pull request #298 from ProtonMail/feat/cleartext-hash-header
• 57f891b Merge branch 'main' into feat/cleartext-hash-header
• da5c190 Merge pull request #299 from ProtonMail/fix/ecdh-low-order-curve-points
• 3cc59b0 Merge branch 'main' into feat/cleartext-hash-header
• b11bd23 fix(ecdh): Do not allow low order public key points
• b6bdd12 Merge pull request #294 from ProtonMail/chore/bump-go-and-circl
• b1ff3d5 Bump crypto dependencies and min go version to 1.23
• cfb2af9 fix(cleartext): Check hashes in headers
• de87788 Add InsecureGenerateNonCriticalSignatureCreationTime option to generate non-c...
• 0906643 Add InsecureGenerateNonCriticalKeyFlags option to generate non-critical key f...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

The ticket CLOUDP-386295 was created for internal tracking.

Note: Jira ticket will be closed automatically when this PR is merged.

[cveticm]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.