Upgrade to Java 25 (#3000)

Error-prone introduced many more checks in Java 25. We fixed a few
and suppressed most. A follow-up bug is opened to clean this up.
An ai agent should be able to clean up most of it.

This PR is created with gemini-cli. Summary of experience:

* The good: AI caught most compatibility issues, and with permission,
  suppressed them through compiler flags and errorprone options.
  It also caught many versio references in scripts.

* Where it didn't shine:
  - It did not find and update the target version spec in the custome
    VKey annotation processor source file.
  - It did not flag eclipse-temurin:21 docker image for upgrade.
  - When running into failure, its first instinct is to disable checks
    e.g., -Werror instead of fixing them.

networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java

@@ -276,7 +276,7 @@ public final class CertificateSupplierModule {
   static Supplier<PrivateKey> providePemPrivateKeySupplier(
       @PemFile Provider<PrivateKey> privateKeyProvider,
       @Named("remoteCertCachingDuration") Duration cachingDuration) {
-    return memoizeWithExpiration(privateKeyProvider::get, cachingDuration.getSeconds(), SECONDS);
+    return memoizeWithExpiration(privateKeyProvider::get, cachingDuration.toSeconds(), SECONDS);
   }
 
   @Singleton
@@ -285,7 +285,7 @@ public final class CertificateSupplierModule {
   static Supplier<ImmutableList<X509Certificate>> providePemCertificatesSupplier(
       @PemFile Provider<ImmutableList<X509Certificate>> certificatesProvider,
       @Named("remoteCertCachingDuration") Duration cachingDuration) {
-    return memoizeWithExpiration(certificatesProvider::get, cachingDuration.getSeconds(), SECONDS);
+    return memoizeWithExpiration(certificatesProvider::get, cachingDuration.toSeconds(), SECONDS);
   }
 
   // TODO(jianglai): Implement P12 supplier or convert the file to PEM format.