[2/2] Add Security workflows: GoSec scan workflow

[amanbrar1999]

Motivation

Related to #2325 and issue open-telemetry/oteps#144

GoSec is a static analysis engine which scans go source code for security vulnerabilities. As the project grows and we near GA it might be useful to have a workflow which checks for security vulnerabilities so we can ensure every incremental change is following best development practices. Also passing basic security checks will also make sure that there aren't any glaring issues for our users.

Changes

This PR adds GoSec security checks to the repo

Workflow Triggers

• daily cron job at 2:30am
• workflow_dispatch (in case maintainers want to trigger a security check manually)

cc- @alolita

[codecov]

Codecov Report

Merging #2326 (f678f4b) into master (86ec919) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2326   +/-   ##
=======================================
  Coverage   92.02%   92.02%           
=======================================
  Files         273      273           
  Lines       15367    15367           
=======================================
  Hits        14141    14141           
  Misses        845      845           
  Partials      381      381           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 86ec919...f678f4b. Read the comment docs.

[bogdandrutu]

Closing this since we already run gosec, see https://github.com/open-telemetry/opentelemetry-collector/blob/master/.golangci.yml#L104