chore(CI): Add govulncheck Github action (#12783)

.github/workflows/govulncheck.yml

@@ -0,0 +1,22 @@
+name: govulncheck
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    # Trigger every day at 16:00 UTC
+    - cron: '0 16 * * *'
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Scan for Vulnerabilities in Code
+        uses: Templum/govulncheck-action@v0.0.9
+        with:
+          go-version: '1.20'
+          vulncheck-version: latest
+          package: ./...

tools/update_goversion/main.go

@@ -162,6 +162,11 @@ func main() {
 			Regex:    `(go-version).*`,
 			Replace:  fmt.Sprintf("$1: '%s'", noPatchVersion),
 		},
+		{
+			FileName: ".github/workflows/govulncheck.yml",
+			Regex:    `(go-version).*`,
+			Replace:  fmt.Sprintf("$1: '%s'", noPatchVersion),
+		},
 		{
 			FileName: "go.mod",
 			Regex:    `(go)\s(\d.\d*)`,