[release-0.89] CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

[oshoval]

What this PR does / why we need it:
Update go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
according GHSA-rcjv-mgp8-qvmr
and do manual required changes based on
open-telemetry/opentelemetry-go#4586 (comment)

Special notes for your reviewer:
Had to update k8s/x (v0.26.3) and kubevirt.io/x (v1.0.0) because of none backward compatible
changes with otelhttp, bump sigs.k8s.io/controller-runtime, pin specific k8s.io/kube-openapi
and to use go v1.19

Release note:

None

[kubevirt-bot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from oshoval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[oshoval]

/test pull-e2e-cnao-kubemacpool-functests-release-0.89

[oshoval]

It will fail due to this now
kubernetes/client-go#1313
don't have a solution for it yet
unless we try 0.28.3 but we can't because release-0.89 is at most 1.27 basically (1.27 is also broken [2]),
also it didn't work for everyone, just in some cases as can be seen on the issue

the root cause is [1] kubernetes/client-go#1075 (comment)
[2] more info kubernetes/client-go#1075

[oshoval]

Found a way to make it compile, this PR present some bumping that it is good to have (but not mandatory for the CVE),
so lets keep it.
It can also act as ref to what bump because some wasn't straight forward.

Assuming it is fine to use kubevirt.io/x (v1.0.0) on release-0.89, else we can't merge it.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
10 Code Smells

No Coverage information
0.0% Duplication

[oshoval]

/test pull-cluster-network-addons-operator-unit-test-release-0.89

not sure it works yet

https://prow.ci.kubevirt.io/view/gs/kubevirt-prow/pr-logs/pull/kubevirt_cluster-network-addons-operator/1731/pull-cluster-network-addons-operator-unit-test-release-0.89/1729769351227117568

/tmp/cnao/cluster-network-addons-operator/build/_output/bin//go//bin//go vet ./pkg/... ./cmd/... ./test/... ./tools/...
# kubevirt.io/client-go/generated/containerized-data-importer/clientset/versioned/typed/core/v1beta1
vendor/kubevirt.io/client-go/generated/containerized-data-importer/clientset/versioned/typed/core/v1beta1/volumeclonesource.go:41:57: undefined: v1beta1.VolumeCloneSource

closing, because for not it is not a must, if we need it in the future we can continue from here

[kubevirt-bot]

@oshoval: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-e2e-cnao-monitoring-k8s-release-0.89	1b84b44	link	true	/test pull-e2e-cnao-monitoring-k8s-release-0.89
pull-e2e-cnao-lifecycle-k8s-release-0.89	2466a6f	link	true	/test pull-e2e-cnao-lifecycle-k8s-release-0.89
pull-e2e-cnao-macvtap-cni-functests-release-0.89	2466a6f	link	true	/test pull-e2e-cnao-macvtap-cni-functests-release-0.89
pull-cluster-network-addons-operator-unit-test-release-0.89	422d4f1	link	true	/test pull-cluster-network-addons-operator-unit-test-release-0.89

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.