fix: upgrade generateBoundary from MD5 to SHA-256#524

Draft
mwbrooks wants to merge 1 commit into main from mwbrooks-snyk-sha256-hook-boundary

Conversation

@mwbrooks (Member) commented May 6, 2026

Changelog

  • N/A

Summary

This pull request replaces MD5 with SHA-256 in the hook executor's boundary string generator to resolve a Snyk weak-hash finding.

Also fixes a subtle bug where the original code called MD5Hash.Sum(randomBytes) which appends the hash of empty input to randomBytes, rather than actually hashing the random bytes. The fix properly uses hash.Write(randomBytes) followed by hash.Sum(nil).

Testing

  • go test ./internal/hooks/ -run "Test_Hook_Execute_V2" — all pass
  • golangci-lint reports 0 issues
  • snyk code test no longer flags hook_executor_v2.go

Notes

  • Boundary output changes from 32 hex chars (MD5) to 64 hex chars (SHA-256); the SDK uses substring matching so any length works
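
As an added example (not the PR's or the project's own code), the Go program below reproduces the `Sum(randomBytes)` mistake the Summary describes next to the corrected write-then-`Sum(nil)` pattern, and shows a check that makes the defect visible: the "hash" from the old pattern starts with the raw random bytes. Function names and the 16-byte input size are assumptions.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// boundaryOld reproduces the defective pattern: hash.Hash.Sum(b) APPENDS the
// digest of everything written so far to b. Nothing was written, so the result
// is randomBytes followed by MD5("") (d41d8cd98f00b204e9800998ecf8427e).
func boundaryOld(randomBytes []byte) string {
	h := md5.New()
	return hex.EncodeToString(h.Sum(randomBytes))
}

// boundaryNew is the corrected pattern: write the input, then Sum(nil)
// returns only the 32-byte SHA-256 digest (64 hex characters).
func boundaryNew(randomBytes []byte) string {
	h := sha256.New()
	h.Write(randomBytes)
	return hex.EncodeToString(h.Sum(nil))
}

// inputIsVisible reports whether the random input appears verbatim inside the
// boundary, which is exactly the symptom of the Sum(randomBytes) bug.
func inputIsVisible(boundary string, randomBytes []byte) bool {
	return strings.Contains(boundary, hex.EncodeToString(randomBytes))
}

// newRandomBytes draws n bytes from crypto/rand (hypothetical helper).
func newRandomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return b, nil
}

func main() {
	rb, err := newRandomBytes(16)
	if err != nil {
		panic(err)
	}
	old, fixed := boundaryOld(rb), boundaryNew(rb)
	fmt.Printf("old:   %s (input visible: %v)\n", old, inputIsVisible(old, rb))
	fmt.Printf("fixed: %s (input visible: %v)\n", fixed, inputIsVisible(fixed, rb))
}
```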

@codecov (bot) commented May 6, 2026

Codecov Report

❌ Patch coverage is 83.33333% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 71.26%. Comparing base (68134ad) to head (84adf0b).
⚠️ Report is 1 commit behind head on main.

Files with missing lines               | Patch %  | Lines
internal/hooks/hook_executor_v2.go     | 83.33%   | 1 Missing ⚠️
@@            Coverage Diff             @@
##             main     #524      +/-   ##
==========================================
- Coverage   71.27%   71.26%   -0.02%     
==========================================
  Files         222      222              
  Lines       18682    18682              
==========================================
- Hits        13315    13313       -2     
- Misses       4185     4188       +3     
+ Partials     1182     1181       -1     

@mwbrooks mwbrooks self-assigned this May 6, 2026
@mwbrooks mwbrooks added security Use on pull requests related to security semver:patch Use on pull requests to describe the release version increment labels May 6, 2026
@mwbrooks mwbrooks added this to the Next Release milestone May 6, 2026