Is your feature request related to a problem? Please describe.
As part of the OpenSSF badge, static code checking should be fully covered. While govulncheck is already present, more is needed and setting up gosec seems the most logical option for now.
Describe the solution you'd like
Enable gosec scanning. (If convenient, as nightly job that can fail)
Describe alternatives you've considered
There are other solutions, but considering that just a flag needs to be set to enable it, this seems to be the logical option for now.
Environment
golangci-lint
Additional context
It is SUGGESTED that at least one of the static analysis tools used for the static_analysis criterion include rules or approaches to look for common vulnerabilities in the analyzed language or environment
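One way to set this up, as an added example that is not part of the issue or the project's own configuration: a GitHub Actions workflow that runs golangci-lint on a nightly schedule with gosec switched on through golangci-lint's `--enable` flag. The workflow file name, job name, cron time and action versions are assumptions.

```yaml
# Added example, not the project's own workflow. Assumed path:
# .github/workflows/gosec-nightly.yml
name: gosec nightly

on:
  schedule:
    - cron: "0 3 * * *"   # assumption: once a day at 03:00 UTC
  workflow_dispatch: {}   # allow manual runs while findings are being triaged

permissions:
  contents: read          # read-only token; the job only lints

jobs:
  gosec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: golangci-lint with gosec enabled
        uses: golangci/golangci-lint-action@v6
        with:
          # --enable adds gosec on top of whatever .golangci.yml already enables,
          # so the rest of the lint configuration stays as it is.
          # The equivalent config-file setting is:
          #   linters:
          #     enable:
          #       - gosec
          args: --enable gosec
```

Because the job is scheduled rather than attached to pull requests, a red run does not block merges, which matches the "nightly job that can fail" part of the request. Once the initial findings have been reviewed, gosec can be moved into `.golangci.yml` for every run, with any accepted findings suppressed per rule under `linters-settings.gosec.excludes` rather than by disabling the linter.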
Thanks for opening this issue 👍. The team will review it shortly.
If this is a bug report, make sure to include clear instructions on how to reproduce the problem with minimal reproducible examples, where possible. If this is a security report, please review our security policy as outlined in SECURITY.md.
If you haven't already, please take a moment to review our project's Code of Conduct document.
Additional context
#2783
OWASP list of SAST tools: https://owasp.org/www-community/Source_Code_Analysis_Tools