Bump nixpkgs, flake, go to fix deprecated golang.org/x/crypto

[adamtulinius]

This PR replaces #256 since more work is required.

Fixes https://github.com/DBCDK/morph/security/dependabot/10

Bumping golang.org/x/crypto requires updating go to at least 1.23, but go 1.23 isn't in 24.05, so I'm taking this opportunity to also update our flake input of nixpkgs from nixos-24.05 to nixos-24.11, which is long overdue anyways. Maybe it should even be updated to unstable.

This also bumps all go dependencies and runs tidy on them. There's also a bonus-fix to .envrc to keep shellcheck happy.

[cafkafk]

With passing CI, this seems sane to me 👍

[adamtulinius]

With passing CI, this seems sane to me 👍

Sorry, I'm an idiot, I just did a manual rebase on master and force pushed it, so now the CI is spinning again..

[adamtulinius]

@cafkafk The flake check is very wonky on the current nixpkgs version I pinned to (the one based on nixos-24.11) - it seems like the nodejs version used actually just isn't cached on hydra for some reason or the other.
Should I try finding a different commit from 24.11 that works, or just bump to nixos-unstable for now (which does work). I'm not really sure which version morph should actually use, and I guess the answer is actually "it depends", but what's your take on it?

[adamtulinius]

@cafkafk The flake check is very wonky on the current nixpkgs version I pinned to (the one based on nixos-24.11) - it seems like the nodejs version used actually just isn't cached on hydra for some reason or the other. Should I try finding a different commit from 24.11 that works, or just bump to nixos-unstable for now (which does work). I'm not really sure which version morph should actually use, and I guess the answer is actually "it depends", but what's your take on it?

@cafkafk ping