pillar: bump otel/sdk to v1.41.0

[eriknordmark]

Description

Bump go.opentelemetry.io/otel/sdk and go.opentelemetry.io/otel/sdk/metric
from v1.40.0 to v1.41.0 in pkg/pillar.

This is the highest version of the SDK compatible with Go 1.24.x — v1.42.0 and
later require Go ≥ 1.25.0. The bump aligns the SDK packages with the
already-at-v1.41.0 core go.opentelemetry.io/otel package.

Dependabot PR #5778 targets v1.43.0 to address three advisories. None of them
are reachable in EVE, and the one that needs v1.43.0 to fix cannot be addressed
without a Go toolchain update:

Advisory	Severity	Status in EVE
GHSA-hfvc-g4fc-pqhx (CVE-2026-39883) kenv PATH hijack	High	Not reachable — host_id_bsd.go has build tag dragonfly/freebsd/netbsd/openbsd/solaris; never compiled for Linux
GHSA-w8rr-5gcm-pp58 (CVE-2026-39882) OTLP HTTP unbounded body	Moderate	Not reachable — affected packages (otlptracehttp, otlpmetrichttp, otlploghttp) are not imported by pillar
GHSA-mh2q-q3fh-2475 (CVE-2026-29181) baggage header DoS	High	Already fixed — patched in go.opentelemetry.io/otel v1.41.0, which pillar already uses

The full upgrade to v1.43.0 can proceed once the Go toolchain moves to 1.25+.

PR dependencies

None.

How to test and validate this PR

• make pkg/pillar builds cleanly (verified locally, exit 0)
• make rootfs builds cleanly (verified locally, exit 0)

Changelog notes

No user-facing changes.

PR Backports

• 16.0-stable: No — dependency version alignment only, no bug fix.
• 14.5-stable: No.
• 13.4-stable: No.

Checklist

• I've provided a proper description
• I've added the proper documentation
• I've tested my PR on amd64 device
• I've tested my PR on arm64 device
• I've written the test verification instructions
• I've set the proper labels to this PR
• I've checked the boxes above, or I've provided a good reason why I didn't check them.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.10%. Comparing base (2281599) to head (3d6a7ab).
⚠️ Report is 644 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5903      +/-   ##
==========================================
- Coverage   19.52%   17.10%   -2.43%     
==========================================
  Files          19      474     +455     
  Lines        3021    85692   +82671     
==========================================
+ Hits          590    14656   +14066     
- Misses       2310    69518   +67208     
- Partials      121     1518    +1397     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.