Release etcd 3.4.36

[AwesomePatrol]

What would you like to be added?

To include fixes:

• [3.4] Avoid deadlock in etcd.Close when stopping during bootstrapping #19166
• [3.4] fix runtime error: comparing uncomparable type #18936
• [3.4] Bump golang.org/x/crypto and golang.org/x/net #19197
• [3.4] mvcc: restore tombstone index if it's first revision #19251
• [3.4] Update golang toolchain to 1.22.12 #19337

Why is this needed?

Resolve bugs and CVE

[ivanvc]

@ahrtr, do we want to release v3.4.36 now? Technically, the CVEs don't affect the project directly, i.e., see the result from govulncheck (but I guess some third party security/static checks may complain about etcd v3.4.35):

=== Module Results ===

Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Vulnerability #2: GO-2024-3321
    Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2024-3321
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.

[ahrtr]

@ahrtr, do we want to release v3.4.36 now?

3.4.35 was released 3 months ago. I think we should release new patch based on https://github.com/etcd-io/etcd/blob/main/Documentation/contributor-guide/release.md#patch-release-criteria

[ivanvc]

Sounds good. I'll replace this issue with a new one to control/edit its body.

Thanks, @AwesomePatrol, for bringing this up!

[ivanvc]

Superseded by #19393.