Add Govulncheck as a new securityTest

[fguisso]

Motivation

Golang Security team has developed a new tool to detect vulnerable packages in Golang code and it will be a great addition to huskyCI analysis.

It would be great if

We have all the necessary code to run this scan!

What we expect

• A working container of Govulncheck that outputs a JSON after running the analysis in a particular folder. Similar to this to be uploaded to Docker Hub as huskyci/govulncheck:latest.
• Add into config.yaml commands needed to run inside the securityTest container.
• Adjust context.go to have the new Govulncheck securityTest configs.
• Add new error messages related to Govulncheck in messagecodes.go.
• Add a new file into securitytest package and adjust its logic to now handle Govulncheck output.
• Add new code into client analysis package to print to STDOUT Govulncheck results.

Tips

• Search how a particular securityTest work and apply the same logic (Ctrl + F + "bandit" will do 🙃).

[vitorduarte]

config.yaml file doesn't seem to be available

[fguisso]

We are testing a more complete solution for SCA, probably we will drop this issue beside the implement anti on of osvscanner + cdxgen