Set up `govulncheck` in CI pipeline
Since this application will be publicly available on the very visible cern.ch and go.cern endpoints, we need to make sure that the application and its dependencies are up-to-date.
Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application.