Update to Go 1.17

[wwuck]

Go before 1.17 has a high rated CVE. Can we please get grpcurl updated to run on Go 1.17?

https://nvd.nist.gov/vuln/detail/CVE-2021-29923

[jhump]

@wwuck, that CVE states:

which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation

There is no such access control in grpcurl so this issue has zero impact on the security of a grpcurl binary built with earlier versions of Go. So, for the exact same reason that the Go team chose to address this in Go 1.17 and to not include in point releases for earlier versions of Go, I'm inclined to hold off. Go 1.17 was just released last week, and there are often numerous point release fixes in the first month or two after a minor release that include urgent compiler and runtime bugfixes and even security updates. So I'm not excited but being a super-early adopter.

[candiduslynx]

1.17.2?