Automate `govulncheck` CI

## Description

To stay on top of security issues in `gh` we would like to periodically run `govulncheck` in CI and be notified of any failures.

`govulncheck` can be incorporated in a number of ways to `cli/cli` repository:

1. Expand [`lint` workflow](https://github.com/cli/cli/blob/trunk/.github/workflows/lint.yml) to include run `govulncheck`, failing pull requests if a Go security vulnerability is detected

1. Create a scheduled workflow that runs `gvulncheck` and [uploads the resulting SARIF file](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions) to GitHub for code scanning alerts

## Expected outcomes

- `gh` is scanned for Go vulnerabilities as part of SDLC process
- CLI maintainers have notification of new vulnerabilities via `#cli-activity` Slack channel

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Automate `govulncheck` CI #11209

Description

Expected outcomes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Automate govulncheck CI #11209

Description

Description

Expected outcomes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Automate `govulncheck` CI #11209