fix: update SECURITY.md

Use the correct URL in the vulnerability disclosure policy.

feat: support vxcan with candevice

Only the type check needs to be updated to allow the candevice module to
support VXCAN devices.

fix(deps)!: bump golang.org/x/net to patched version

This commit bumps golang.org/x/net to v0.38.0 to address two security
vulnerabilities (CVE-2025-22872 & CVE-2025-22870).

The code is not susceptible to the vulnerability because it relates to
HTML parsing (CVE-2025-22872) or address resolving (CVE-2025-22870).
In this repository we only use golang.org/x/net to emulate CAN using
multicast UDP sockets.

Because of this dependency update we also need to update the Go
version to 1.23, which is a breaking change and also "too early" with
regard to our [Go version support policy].

However, given that Go 1.25 is being released later in August and this
is to address security vulnerabilities we think it is performing the
breaking change now, rather than waiting for 1.25 to land.

BREAKING CHANGE: Update required Go version to 1.23.

[go version support policy]: https://einride.engineering/docs/tech-radar/backend#languages-go

feat: signal names capitalization

Capitalize signal names in the generated code to make access functions
for signals with snake_case names visible.

chore: bump Go versi
8000
on to 1.22

Go 1.22 is the oldest officially supported version of Go currently and
at Einride we aim to follow that guideline.

In order to get the project to build a number of other changes needed
to be done.

go.einride.tech/sage needed to be updated to get us a golangci-lint
version that can lint 1.22 and with that a whole swath of lints were
activated:
- most are on the form of copyloopvar (i.e. loop variables
  now work as most people expect and we don't need to copy them)
- we were also shadowing min/max builtins that were introduced in Go
  1.21, these are now renamed were applicable.

BREAKING CHANGE: The library requires Go 1.22 to build, no other user
visible changes introduced.

fix: bump Golang version to go1.20

One of our dependencies requires Go 1.20, which means that the project
is not compilable with Go 1.19. This commit updates the module files
to demand the correct version.

This is not a breaking change since the repository was not buildable
with Go 1.19 and thus we should not be breaking anything for anybody.

fix(generate): handle invalid signal name for metadata

fix(cantool)!: CopyFrom accepts canrunner.Node Rx messages

When updating the signature for CopyFrom we accidentally broke a
workflow where receive messages in a `canrunner.Node` and then copy
the data from them using `CopyFrom`. This commit restores CopyFrom to
accept a "message reader" type, but extends that type to also require
that values implement `Frame() can.Frame`.

All messages generated by cantool already implements `Frame()
can.Frame` so only mocks should be affected.

BREAKING CHANGE: This restores old signature of CopyFrom to accept a
message reader instead of a message instance to copy from.

feat(analyze): add unique message ID analyzer

feat(cantool): generate raw setters and getters for physical signals

For physical signals that have value table definitions we generate
getters and setters that operate on the raw signal value, to give
users access to check if signal values correspond to a named constant,
or to write named constants to the signal.

However, there are use-cases (especially for sending test data) for
writing raw values to any physical signal and therefore this commit
adds generation of raw getters and setters to all physical signals.