fix(lint): address G114 gosec findings in ready, pprof, and health plugins (#7798)

Replace http.Serve() with http.Server{} configured with timeouts to
address G114 gosec findings (HTTP server without timeouts). This
prevents potential slowloris attacks and resource exhaustion.

Changes:
- Add ReadTimeout, WriteTimeout, IdleTimeout (5s each) to HTTP servers
- Use srv.Shutdown(ctx) for graceful shutdown instead of ln.Close()
- Follow existing pattern from plugin/metrics

Fixes part of #7793

Signed-off-by: Azeez Syed <syedazeez337@gmail.com>

plugin/health/health.go

@@ -22,12 +22,15 @@ type health struct {
 	healthURI *url.URL
 
 	ln      net.Listener
+	srv     *http.Server
 	nlSetup bool
 	mux     *http.ServeMux
 
 	stop context.CancelFunc
 }
 
+const shutdownTimeout = 5 * time.Second
+
 func (h *health) OnStartup() error {
 	if h.Addr == "" {
 		h.Addr = ":8080"
@@ -63,8 +66,14 @@ func (h *health) OnStartup() error {
 	ctx := context.Background()
 	ctx, h.stop = context.WithCancel(ctx)
 
-	// #nosec G114 -- TODO
-	go func() { http.Serve(h.ln, h.mux) }()
+	h.srv = &http.Server{
+		Handler:      h.mux,
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 5 * time.Second,
+		IdleTimeout:  5 * time.Second,
+	}
+
+	go func() { h.srv.Serve(h.ln) }()
 	go func() { h.overloaded(ctx) }()
 
 	return nil
@@ -82,7 +91,11 @@ func (h *health) OnFinalShutdown() error {
 
 	h.stop()
 
-	h.ln.Close()
+	ctx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
+	defer cancel()
+	if err := h.srv.Shutdown(ctx); err != nil {
+		log.Infof("Failed to stop health http server: %s", err)
+	}
 	h.nlSetup = false
 	return nil
 }
@@ -94,7 +107,11 @@ func (h *health) OnReload() error {
 
 	h.stop()
 
-	h.ln.Close()
+	ctx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
+	defer cancel()
+	if err := h.srv.Shutdown(ctx); err != nil {
+		log.Infof("Failed to stop health http server: %s", err)
+	}
 	h.nlSetup = false
 	return nil
 }