Update Go toolchain to 1.22.4, which addresses two vulnerabilities in the Go
stdlib.
* CVE-2024-24789: impacts handling of certain types of invalid zip files, which
could be exploited to create a zip file with unexpected contents. This could
potentially impact Nomad users of `artifact` blocks who download untrusted
artifacts.
* CVE-2024-24790: impacts parsing of IPv4-mapped IPv6 addresses.
* build: upgrade to go1.22
* add cl
* build: use codecgen from go-msgpack v1.1.5+base32 and stringer 0.18.0
for compatability with go1.22
* ci: update golangci-lint to 1.56.2
* build: update hclogvet for go1.22
* build: bump to go1.22.1
Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and
CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we
should pick up the toolchain bump if for no other reason than we don't have to
answer questions about that.
* build: update to go1.21
* go: eliminate helpers in favor of min/max
* build: run go mod tidy
* build: swap depguard for semgrep
* command: fixup broken tls error check on go1.21
Go released a security update to fix build-time code injection and execution via
CGO. This doesn't impact already-released versions of Nomad, just the build
toolchain, so we won't be releasing a Nomad security update to go with it.
