Update caddy base image to 2.11.4

[github-actions]

Update caddy base image from upstream

Update Dockerfile ARG CADDY_VERSION

changed lines [13] of file "rootfs/Dockerfile"

v2.11.4

This release patches more security, security-adjacent, and normal bugs. The FrankenPHP project has collaborated on PHP-adjacent patches, which we are grateful for.

The recent surge of patches is mostly attributed to token predictors. We have had to reject more than 75% of "security" reports because they were AI slop spam (or just lazy/incorrect). Please use LLMs and agents wisely to avoid wasting precious maintainer resources. We have started blocking offending accounts that spam slop reports. Thank you to all who submit responsible reports following our security policy to make the project better. We appreciate that the community deems the Caddy project worthy of contribution to improve the broader ecosystem!

Security-related patches:
- caddyhttp: Normalize Windows backslashes in path matcher (thanks @Vincent550102)
- rewrite: Prevent placeholder re-expansion in injected query (thanks @WhiskerEnt)
- templates: Improved `stripHTML` action to more reliably remove malformed HTML (thanks to @jmrcsnchz)
- caddyhttp: Ignore header fields with underscores to prevent collisions (thanks @Vincent550102 for the report and @dunglas for the patch)

:warning: These security patches may be breaking if your application relies on the buggy behaviors.

There are also several other various fixes and enhancements by many other contributors. Thank you everyone who participated!

## What's Changed
* reverseproxy: further prevent body closes from dial errors by @jameshartig in https://github.com/caddyserver/caddy/pull/7715
* caddytls: Fix client auth (fix #7724) by @mholt in https://github.com/caddyserver/caddy/pull/7727
* chore: deps upgrade by @mohammed90 in https://github.com/caddyserver/caddy/pull/7751
* caddyhttp: omit Last-Modified for unusable mod times by @bb4242 in https://github.com/caddyserver/caddy/pull/7740
* caddytls: fix TLS state races and ECH rotation retry by @broady in https://github.com/caddyserver/caddy/pull/7756
* chore: clean up wording and typo fixes by @steadytao in https://github.com/caddyserver/caddy/pull/7745
* reverseproxy: Add regression test for DialInfo network override by @eyupcanakman in https://github.com/caddyserver/caddy/pull/7758
* caddyauth: add candidate placeholders for rejected identities by @steadytao in https://github.com/caddyserver/caddy/pull/7698
* cmd: support caddy start on IPv6-only hosts by @steadytao in https://github.com/caddyserver/caddy/pull/7744
* caddyfile: preserve implicit TLS issuer semantics by @steadytao in https://github.com/caddyserver/caddy/pull/7743
* reverseproxy: wraps request body to prevent closing if not read by @WeidiDeng in https://github.com/caddyserver/caddy/pull/7719
* caddytls: match IDN SNI in connection policies by @steadytao in https://github.com/caddyserver/caddy/pull/7742
* build(deps): bump the all-updates group across 1 directory with 9 updates by @dependabot[bot] in https://github.com/caddyserver/caddy/pull/7752
* caddyhttp: normalize Windows backslashes in path matcher by @Vincent550102 in https://github.com/caddyserver/caddy/pull/7763
* go.mod: update x/net by @steadytao in https://github.com/caddyserver/caddy/pull/7767
* rewrite: prevent placeholder re-expansion in injected query by @WhiskerEnt in https://github.com/caddyserver/caddy/pull/7761
* perf(replacer): optimize memory allocation for file placeholders by @Jualhosting in https://github.com/caddyserver/caddy/pull/7773
* caddytls: skip idna.ToASCII for pure ASCII SNI values by @sleet0922 in https://github.com/caddyserver/caddy/pull/7770
* encode: prioritize zstd and br over gzip in content negotiation by @Jualhosting in https://github.com/caddyserver/caddy/pull/7772
* httpcaddyfile: fix incorrect error message on duplicate matchers by @Brunotlps in https://github.com/caddyserver/caddy/pull/7780
* Patch for GHSA-vcc4-2c75-vc9v by @jmrcsnchz in https://github.com/caddyserver/caddy/pull/7785

## New Contributors
* @jameshartig made their first contribution in https://github.com/caddyserver/caddy/pull/7715
* @bb4242 made their first contribution in https://github.com/caddyserver/caddy/pull/7740
* @broady made their first contribution in https://github.com/caddyserver/caddy/pull/7756
* @eyupcanakman made their first contribution in https://github.com/caddyserver/caddy/pull/7758
* @Vincent550102 made their first contribution in https://github.com/caddyserver/caddy/pull/7763
* @WhiskerEnt made their first contribution in https://github.com/caddyserver/caddy/pull/7761
* @Jualhosting made their first contribution in https://github.com/caddyserver/caddy/pull/7773
* @sleet0922 made their first contribution in https://github.com/caddyserver/caddy/pull/7770
* @Brunotlps made their first contribution in https://github.com/caddyserver/caddy/pull/7780
* @jmrcsnchz made their first contribution in https://github.com/caddyserver/caddy/pull/7785

**Full Changelog**: https://github.com/caddyserver/caddy/compare/v2.11.3...v2.11.4

GitHub Action workflow link

---

Created automatically by Updatecli Options: Most of Updatecli configuration is done via its manifest(s). If you close this pull request, Updatecli will automatically reopen it, the next time it runs. If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made. Feel free to report any issues at github.com/updatecli/updatecli. If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!