chore: do not use sentinel errors when unneeded

- main reason being it's a burden to always define sentinel errors at global scope, wrap them with `%w` instead of using a string directly
- only use sentinel errors when it has to be checked using `errors.Is`
- replace all usage of these sentinel errors in `fmt.Errorf` with direct strings that were in the sentinel error
- exclude the sentinel error definition requirement from .golangci.yml
- update unit tests to use ContainersError instead of ErrorIs so it stays as a "not a change detector test" without requiring a sentinel error

internal/openvpn/pkcs8/algorithms.go

@@ -3,7 +3,6 @@ package pkcs8
 import (
 	"crypto/x509/pkix"
 	"encoding/asn1"
-	"errors"
 	"fmt"
 )
 
@@ -11,8 +10,6 @@ import (
 // https://www.ibm.com/docs/en/zos/2.3.0?topic=programming-object-identifiers
 var oidDESCBC = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 7} //nolint:gochecknoglobals
 
-var ErrEncryptionAlgorithmNotPBES2 = errors.New("encryption algorithm is not PBES2")
-
 type encryptedPrivateKey struct {
 	EncryptionAlgorithm pkix.AlgorithmIdentifier
 	EncryptedData       []byte
@@ -35,8 +32,8 @@ func getEncryptionAlgorithmOid(der []byte) (
 	oidPBES2 := asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}
 	oidAlgorithm := encryptedPrivateKeyData.EncryptionAlgorithm.Algorithm
 	if !oidAlgorithm.Equal(oidPBES2) {
-		return nil, fmt.Errorf("%w: %s instead of PBES2 %s",
-			ErrEncryptionAlgorithmNotPBES2, oidAlgorithm, oidPBES2)
+		return nil, fmt.Errorf("encryption algorithm is not PBES2: %s instead of PBES2 %s",
+			oidAlgorithm, oidPBES2)
 	}
 
 	var encryptionAlgorithmParams encryptedAlgorithmParams