opa-envoy/1.12.1 package update (#76495)

<p align="center">
<img
src="https://raw.githubusercontent.com/wolfi-dev/.github/b535a42419ce0edb3c144c0edcff55a62b8ec1f8/profile/wolfi-logo-light-mode.svg"
/>
</p>
<!--ci-cve-scan:fail-any-->


**Commit**: 478c39e0f68be2dc11ac44158c94cd087ecbc98f

> **Note:** If you need to make manual changes to this PR, apply the
`skip:staging-update-bot` label so the reconciler won't overwrite them.

<!--staging-update-bot-pr-data-->
<!--
{
  "PackageName": "opa-envoy",
  "Version": "1.12.1",
  "Commit": "478c39e0f68be2dc11ac44158c94cd087ecbc98f",
  "BumpEpoch": false,
  "Manual": false
}
-->
<!--/staging-update-bot-pr-data-->

Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev>

Author: octo-sts[bot]

opa-envoy.yaml

@@ -1,6 +1,6 @@
 package:
   name: opa-envoy
-  version: "1.12.0"
+  version: "1.12.1"
   epoch: 0 # CVE-2025-61729
   description: A plugin to enforce OPA policies with Envoy.
   copyright:
@@ -43,7 +43,7 @@ pipeline:
     with:
       repository: https://github.com/open-policy-agent/opa-envoy-plugin
       tag: v${{vars.mangled-package-version}}
-      expected-commit: acf71a1a8ba1d63a74b68fdb485e43e801df8a5b
+      expected-commit: 478c39e0f68be2dc11ac44158c94cd087ecbc98f
 
   - uses: go/build
     with: