chore: bump go.yaml.in/yaml/v4 and modernc.org/sqlite

[dgageot]

Routine dependency bumps validated with task lint and task test.

go.yaml.in/yaml/v4 moves from v4.0.0-rc.5 to v4.0.0-rc.6, and modernc.org/sqlite moves from v1.52.0 to v1.53.0. Both are drop-in upgrades with no API changes affecting this codebase.

google.golang.org/adk was considered for bumping to v1.4.0 but skipped: that release deprecates the server/adka2a package used in pkg/a2a in favour of adka2a/v2, causing staticcheck SA1019 lint failures that require a non-trivial migration.

Module	From	To	Status
go.yaml.in/yaml/v4	v4.0.0-rc.5	v4.0.0-rc.6	bumped
google.golang.org/adk	v1.2.0	v1.4.0	skipped — lint failure (adka2a deprecated, needs adka2a/v2 migration)
modernc.org/sqlite	v1.52.0	v1.53.0	bumped

[docker-agent]

Assessment: 🟢 APPROVE

Routine dependency bump — no issues found.

Module	From	To
go.yaml.in/yaml/v4	v4.0.0-rc.5	v4.0.0-rc.6
modernc.org/sqlite	v1.52.0	v1.53.0

Both are drop-in upgrades touching only go.mod and go.sum. The transitive dependency chain (modernc.org/libc, modernc.org/cc/v4, modernc.org/ccgo/v4, modernc.org/gc/v3) is updated consistently. No application logic is modified, and the go.sum checksums are consistent with the version bumps. No bugs, security issues, or API-breaking changes detected.

The intentional skip of google.golang.org/adk v1.4.0 is well-documented in the PR description.

[docker-agent]

Assessment: 🟢 APPROVE

Routine dependency bump — go.mod and go.sum only. All six updated packages (modernc.org/sqlite, modernc.org/libc, modernc.org/cc/v4, modernc.org/ccgo/v4, modernc.org/gc/v3, go.yaml.in/yaml/v4) have matching h1: hash pairs and are fully in sync between go.mod and go.sum. No orphaned or missing checksums detected. No code changes; no bugs or integrity issues found.