go fix gets rewritten in Go 1.26 so libraries can ship their own migrations

The lead read is a walkthrough of Go 1.26's rewritten go fix, which lets library authors ship migration logic alongside deprecations so downstream code updates itself instead of rotting in a TODO. It pairs neatly with a field report from someone who actually moved a production service onto 1.26 and wrote down what shifted. Elsewhere, a proposal against crypto/mldsa points out that Verify can't check signatures produced with crypto.MLDSAMu, which is the sort of asymmetry post-quantum APIs really need to get right before 1.27.