
ci: add security scan tool (#729) #4

ci: add security scan tool (#729)


Workflow file for this run

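# Runs govulncheck over the Go module on pushes, on pull requests targeting
# master, and once a week on a schedule.
name: Security Vulnerability Check
on:
  push:
    branches-ignore:
      - renovate/**
    paths:
      - "**.go"
      - "go.mod"
      - "go.sum"
      # NOTE(review): listed for push but not for pull_request below; confirm
      # the difference is intended.
      - ".golangci.yaml"
      - ".github/workflows/security.yaml"
  pull_request:
    branches:
      - master
    paths:
      - "**.go"
      - "go.mod"
      - "go.sum"
      - ".github/workflows/security.yaml"
  schedule:
    # Thursdays at 03:15 UTC. The scheduled run catches advisories published
    # after the last code change, when no path filter would trigger a run.
    - cron: "15 3 * * 4"

# Least privilege: the job only reads the repository. Without this block the
# GITHUB_TOKEN inherits the repository/organisation default, which may
# include write scopes.
permissions:
  contents: read

env:
  # Use only the toolchain installed by setup-go; the go command will not
  # download a different toolchain on its own.
  GOTOOLCHAIN: "local"

jobs:
  vulnerability-scan:
    runs-on: ubuntu-24.04
    steps:
      # Actions below are referenced by mutable major-version tags. Pinning
      # each to a full commit SHA makes the executed code immutable.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the local git config.
          persist-credentials: false
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"
          # Built-in caching is off; the explicit cache step below owns it.
          cache: false
      - name: Go Build Cache (vulnerability_scan)
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg
          key: go-cache-123-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}-vulnerability_scan
          # Prefix fallbacks: a cache saved under another suffix, or for a
          # different go.sum, can be restored here and is used as-is.
          restore-keys: |
            go-cache-123-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}-
            go-cache-123-${{ hashFiles('**/go.mod') }}-
      # @latest is resolved at run time and is not covered by this
      # repository's go.sum, so the scanner version is not reproducible.
      # Pin a reviewed release (@vX.Y.Z, placeholder) if that matters more
      # than always running the newest scanner.
      - run: go install golang.org/x/vuln/cmd/govulncheck@latest
      # govulncheck exits non-zero when it reports findings, which fails
      # the job.
      - run: govulncheck ./...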