fix(syncstate): annotate gosec G118 false positive on lifeCtx

gosec flagged the WithCancel in Start as "cancellation function not called"
because the returned cancel is stored on the struct rather than called/deferred
in scope. It is invoked in Close (covered by tests), and lifeCtx must outlive
Start to drive the reconnect/reconcile goroutines. Suppress the verified false
positive with a justified #nosec G118.

Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
Assisted-by: Claude:claude-opus-4-8 [Claude Code]

core/services/syncstate/syncstate.go

@@ -96,7 +96,10 @@ func (m *SyncedMap[K, V]) Start(ctx context.Context) error {
 		return err
 	}
 
-	m.lifeCtx, m.cancel = context.WithCancel(context.Background())
+	// The cancel func is stored on the struct and invoked in Close (covered by
+	// tests); lifeCtx must outlive Start to drive the reconnect/reconcile
+	// goroutines, so it cannot be cancelled or deferred within this scope.
+	m.lifeCtx, m.cancel = context.WithCancel(context.Background()) // #nosec G118 -- cancel is invoked in Close()
 
 	if m.cfg.Nats != nil {
 		sub, err := messaging.SubscribeJSON(m.cfg.Nats, m.subject(), m.apply)