
Bump k8s to 1.35 to fix CVEs#1108

Merged
devacts merged 6 commits into carvel-dev:develop from CodesbyUnnati:bump-k8s-1.35
Feb 12, 2026

Conversation

@CodesbyUnnati
Member

@CodesbyUnnati CodesbyUnnati commented Feb 2, 2026

What this PR does / why we need it:

The develop branch of kapp has CVEs related to an older k8s version. This PR resolves those CVEs by bumping the k8s version to 1.35.

Which issue(s) this PR fixes:

Fixes #

Updates

github.com/k14s/difflib 
github.com/k14s/ytt 

to

github.com/carvel-dev/difflib 
github.com/carvel-dev/ytt 

Removed a name segment validation test case using an arbitrarily long name (>1000 chars) as recent dependency updates now strictly enforce the Kubernetes 63-character limit for qualified names.
See failing log: https://github.com/carvel-dev/kapp/actions/runs/21741214070/job/62716912444#step:9:536

Explanation for removal:
The test case was originally added to verify that kapp could handle placeholders exceeding 1000 characters. However, our recent Kubernetes dependency updates now strictly enforce the standard 63-character limit for names. Since the upstream library now rejects anything over 63 characters as invalid, testing for >1000 characters is no longer a valid scenario. We should remove the test rather than shortening the string to 63, as we already have multiple other tests covering standard valid names.

┌───────────────────┬────────────────┬──────────┬──────────┬───────────────────┬──────────────────────────────┬─────────────────────────────────────────────────────────────┐
│      Library      │ Vulnerability  │ Severity │  Status  │ Installed Version │        Fixed Version         │                            Title                            │
├───────────────────┼────────────────┼──────────┼──────────┼───────────────────┼──────────────────────────────┼─────────────────────────────────────────────────────────────┤
│ k8s.io/kubernetes │ CVE-2025-13281 │ MEDIUM   │ fixed    │ v1.31.14          │ 1.32.10, 1.33.6, 1.34.2      │ kube-controller-manager: Portworx Half-Blind SSRF in        │
│                   │                │          │          │                   │                              │ kube-controller-manager                                     │
│                   │                │          │          │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-13281                  │
│                   ├────────────────┤          ├──────────┤                   ├──────────────────────────────┼─────────────────────────────────────────────────────────────┤
│                   │ CVE-2025-1767  │          │ affected │                   │                              │ kubelet: GitRepo Volume Inadvertent Local Repository Access │
│                   │                │          │          │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-1767                   │
└───────────────────┴────────────────┴──────────┴──────────┴───────────────────┴──────────────────────────────┴─────────────────────────────────────────────────────────────┘

Does this PR introduce a user-facing change?


Additional Notes for your reviewer:

Review Checklist:
  • Follows the developer guidelines
  • Relevant tests are added or updated
  • Relevant docs in this repo added or updated
  • Relevant carvel.dev docs added or updated in a separate PR and there's
    a link to that PR
  • Code is at least as readable and maintainable as it was before this
    change

Additional documentation e.g., Proposal, usage docs, etc.:

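The 63-character rule behind the removed test, as an added example in Go that is not kapp's or apimachinery's code: it reimplements the documented qualified-name rules (an optional DNS-1123 subdomain prefix of at most 253 characters, then a name of at most 63 characters matching `[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?`) and runs them over constructed inputs, including a >1000-character placeholder of the kind the deleted test exercised. The function and variable names are the example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Length limits from the Kubernetes API conventions: the name part of a
// qualified name (label or annotation key) is at most 63 characters, and the
// optional "prefix/" is a DNS-1123 subdomain of at most 253 characters.
const (
	qualifiedNameMaxLength    = 63
	dns1123SubdomainMaxLength = 253
)

var (
	qualifiedNameRe    = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)
	dns1123SubdomainRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)
)

// validateDNS1123Subdomain checks the optional prefix part.
func validateDNS1123Subdomain(value string) []string {
	var errs []string
	if len(value) > dns1123SubdomainMaxLength {
		errs = append(errs, fmt.Sprintf("prefix part must be no more than %d characters", dns1123SubdomainMaxLength))
	}
	if !dns1123SubdomainRe.MatchString(value) {
		errs = append(errs, "prefix part must be a lowercase DNS-1123 subdomain")
	}
	return errs
}

// ValidateQualifiedName is a reimplementation, for illustration only (not the
// apimachinery function itself), of the qualified-name rules: an optional
// "prefix/" that is a DNS-1123 subdomain, then a name of 1..63 characters that
// starts and ends alphanumerically and contains only [-A-Za-z0-9_.].
// It returns the list of problems; an empty list means the value is valid.
func ValidateQualifiedName(value string) []string {
	var errs []string
	parts := strings.Split(value, "/")
	var name string
	switch len(parts) {
	case 1:
		name = parts[0]
	case 2:
		prefix := parts[0]
		name = parts[1]
		if prefix == "" {
			errs = append(errs, "prefix part must be non-empty")
		} else {
			errs = append(errs, validateDNS1123Subdomain(prefix)...)
		}
	default:
		return append(errs, "must be 'name' or 'prefix/name' with a single '/'")
	}
	if name == "" {
		errs = append(errs, "name part must be non-empty")
	} else if len(name) > qualifiedNameMaxLength {
		errs = append(errs, fmt.Sprintf("name part must be no more than %d characters", qualifiedNameMaxLength))
	}
	if !qualifiedNameRe.MatchString(name) {
		errs = append(errs, "name part must match [A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?")
	}
	return errs
}

func main() {
	// Constructed sample inputs: a kapp label key, the longest allowed name
	// (63 characters), a >1000-character placeholder like the one the removed
	// test used, an uppercase prefix, and a value with two slashes.
	samples := []string{
		"kapp.k14s.io/app",
		strings.Repeat("a", 63),
		strings.Repeat("a", 1001),
		"Example.com/name",
		"a/b/c",
	}
	for _, s := range samples {
		label := s
		if len(label) > 40 {
			label = fmt.Sprintf("%s... (%d chars)", label[:20], len(label))
		}
		if errs := ValidateQualifiedName(s); len(errs) == 0 {
			fmt.Printf("%-40s valid\n", label)
		} else {
			fmt.Printf("%-40s invalid: %s\n", label, strings.Join(errs, "; "))
		}
	}
}
```

The regex alone would accept the 1001-character placeholder, so the length check is the one that turns it into an error; that is exactly why shortening the string to 63 would only duplicate the existing tests for ordinary valid names.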

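A way to read the Trivy rows in the description, added here as example Go code that is not part of kapp or Trivy: it parses a scanner's comma-separated "Fixed Version" list and decides whether an installed release sits on a fixed patch line, which is the reasoning behind moving from v1.31.14 to a newer minor. The rule that a minor line newer than every listed fix already contains the fix is the example's own assumption (it matches how Kubernetes backports land), and all type and function names are the example's.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Version is a parsed Kubernetes release such as "v1.31.14" or "1.32.10".
type Version struct{ Major, Minor, Patch int }

func (v Version) String() string { return fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch) }

// Less orders versions numerically (1.32.10 > 1.32.9, unlike a string compare).
func (v Version) Less(o Version) bool {
	if v.Major != o.Major {
		return v.Major < o.Major
	}
	if v.Minor != o.Minor {
		return v.Minor < o.Minor
	}
	return v.Patch < o.Patch
}

// sameLine reports whether two versions share a major.minor patch line.
func (v Version) sameLine(o Version) bool { return v.Major == o.Major && v.Minor == o.Minor }

// ParseVersion accepts "1.32.10" or "v1.32.10" and rejects anything else.
func ParseVersion(s string) (Version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return Version{}, fmt.Errorf("version %q is not major.minor.patch", s)
	}
	var n [3]int
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil {
			return Version{}, fmt.Errorf("version %q: %w", s, err)
		}
		n[i] = x
	}
	return Version{n[0], n[1], n[2]}, nil
}

type Verdict int

const (
	Affected Verdict = iota // installed version predates the fix on its line
	Fixed                   // installed version carries the fix
	Unfixed                 // no fixed release exists at all (Trivy status "affected")
)

func (v Verdict) String() string { return [...]string{"affected", "fixed", "unfixed"}[v] }

// Assess compares an installed version with the "Fixed Version" list a scanner
// such as Trivy prints (one patch release per supported minor line) and returns
// the verdict plus the smallest release to upgrade to when affected.
// Assumption (example's own): a minor line newer than every listed fix was cut
// after the fix merged; a line older than every listed fix has no in-line fix.
func Assess(installed, fixedList string) (Verdict, string, error) {
	inst, err := ParseVersion(installed)
	if err != nil {
		return Affected, "", err
	}
	var fixed []Version
	for _, f := range strings.Split(fixedList, ",") {
		if f = strings.TrimSpace(f); f == "" {
			continue
		}
		v, err := ParseVersion(f)
		if err != nil {
			return Affected, "", err
		}
		fixed = append(fixed, v)
	}
	if len(fixed) == 0 {
		return Unfixed, "", nil
	}
	lowest, highest := fixed[0], fixed[0]
	for _, f := range fixed {
		if f.sameLine(inst) { // same patch line: the patch number decides
			if inst.Less(f) {
				return Affected, f.String(), nil
			}
			return Fixed, "", nil
		}
		if f.Less(lowest) {
			lowest = f
		}
		if highest.Less(f) {
			highest = f
		}
	}
	if highest.Less(inst) {
		return Fixed, "", nil // newer minor line than any listed fix
	}
	// Older than every fixed line (or an unlisted line in between): there is
	// no in-line fix, so the upgrade target is the lowest fixed release.
	return Affected, lowest.String(), nil
}

func main() {
	// Constructed from the two Trivy rows in the PR description, plus the
	// post-bump version.
	rows := []struct{ cve, installed, fixed string }{
		{"CVE-2025-13281", "v1.31.14", "1.32.10, 1.33.6, 1.34.2"},
		{"CVE-2025-13281", "v1.35.0", "1.32.10, 1.33.6, 1.34.2"},
		{"CVE-2025-1767", "v1.31.14", ""},
	}
	for _, r := range rows {
		verdict, target, err := Assess(r.installed, r.fixed)
		if err != nil {
			fmt.Println(r.cve, err)
			continue
		}
		fmt.Printf("%s installed %s: %s", r.cve, r.installed, verdict)
		if target != "" {
			fmt.Printf(", upgrade to >= %s", target)
		}
		fmt.Println()
	}
}
```

Note the third row: an empty "Fixed Version" cell means no release fixes the finding yet, so a version bump alone cannot clear it; that is why a scanner still reports CVE-2025-1767 after the upgrade and why the Snyk result had to be handled separately.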
@carvel-bot carvel-bot added this to Carvel Feb 2, 2026
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Unnati Mishra added 3 commits February 6, 2026 15:01
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>

Update difflib to use carvel-dev

Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>

Add vendor file

Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
@devacts
Contributor

devacts commented Feb 12, 2026

Marking the Snyk failure as passed from the Snyk portal till we resolve the issue.

@devacts devacts merged commit 4a468e7 into carvel-dev:develop Feb 12, 2026
5 checks passed
@github-project-automation github-project-automation Bot moved this to Closed in Carvel Feb 12, 2026