Migrate to checker-sdk-go v1.3.0 with standalone build tag

The SDK split the HTTP server scaffolding into the new
checker-sdk-go/checker/server subpackage. Update main.go to import
server and call server.New, and isolate the interactive form code
behind the standalone build tag so plugin/builtin builds skip
net/http entirely.

checker/collect.go

@@ -377,7 +377,7 @@ func buildProbeASReq(realm string) (messages.ASReq, error) {
 
 // parseASResponse inspects the raw KDC reply and fills the ASProbeResult.
 // Expected replies: KRB-ERROR (PREAUTH_REQUIRED / C_PRINCIPAL_UNKNOWN) or,
-// less commonly, an AS-REP (principal exists and doesn't require preauth —
+// less commonly, an AS-REP (principal exists and doesn't require preauth .
 // AS-REP roasting territory).
 func parseASResponse(raw []byte, out *ASProbeResult) {
 	// Try KRB-ERROR first.
@@ -400,7 +400,7 @@ func parseASResponse(raw []byte, out *ASProbeResult) {
 		return
 	}
 
-	// Try AS-REP. If this succeeds, preauth wasn't required — surface it.
+	// Try AS-REP. If this succeeds, preauth wasn't required, surface it.
 	var asRep messages.ASRep
 	if err := asRep.Unmarshal(raw); err == nil {
 		out.PrincipalFound = true

checker/interactive.go

@@ -1,3 +1,5 @@
+//go:build standalone
+
 package checker
 
 import (

checker/report.go

@@ -257,7 +257,7 @@ then rekey principals with <code>kadmin -q "cpw -randkey principal"</code> or eq
 		})
 	}
 
-	// AS-REP without preauth — AS-REP roasting.
+	// AS-REP without preauth, AS-REP roasting.
 	if r.AS.Attempted && r.AS.PrincipalFound && !r.AS.PreauthReq {
 		out = append(out, remediation{
 			Title: "Enable pre-authentication",