Bump hashicorp/vault/api to v1.16.27+ to fix CVE-2025-11621, CVE-2025-12044

[vdemeester]

Summary

Two Vault CVEs affect tkn:

• CVE-2025-11621: AWS auth method bypass via cache mishandling (CVSS 8.1)
• CVE-2025-12044: DoS via rate limit regression (CVSS 7.5)

Current State

• main: v1.16.0
• release-v0.42.0: v1.16.0
• release-v0.37.2: v1.12.2

Required

Bump github.com/hashicorp/vault/api to v1.16.27+.

References

• https://discuss.hashicorp.com/t/hcsec-2025-30-vault-aws-auth-method-authentication-bypass-through-mishandling-of-cache-entries/76709
• https://discuss.hashicorp.com/t/hcsec-2025-31-vault-vulnerable-to-denial-of-service-due-to-rate-limit-regression/76710